Recently, ADI and Tri-Ed both started OEMing Hikvision products. Reference - IPVM test on ADI W Box, IPVM test of Tri-Ed Northern Video.
Both ADI and Tri-Ed are using old firmware (respectively 5.2 and 5.1) that were involved in major Hikvision hacks from March 2015. Since then, Hikvision has released a significant upgrade (see IPVM Hikvision 5.3 test results) to help mitigate the core problems.
Why ADI and Tri-Ed are still using risky, out of date firmware is unclear.
[UPDATE: Tri-Ed has fixed / upgraded to 5.3]
However, this is clearly shown when connecting ADI and Tri-Ed cameras to Hikvision's VMS:
This month, Hikvision has been hit with another hacking incident (this time for its mobile app). While ADI and Tri-Ed's app versions do not appear to be infected for this (because they are using older app versions that were not compromised), this does underscore Hikvision and their OEM partners continued risk for other attacks (such as out of date 'risky' camera firmware).
Upgrade Not Possible
IPVM has verified that upgrading ADI and Tri-Ed OEMed cameras with the 'strong' security version from Hikvision will not work. Unforunately, as of this publication, there are no released ADI and Tri-Ed versions available.
The reality is that the average ADI and Tri-Ed user is likely buying for low price and on the shelf convenience, not considering such issues. However, it does not mean these issues disappear.
Worse, once this is installed, the firmware may not be upgraded ever (or for years) leaving these vulnerabilities open indefinitely for attack.
If and when upgraded 'strong' security firmware versions are released, we will add to this post.
[Update March 2016: Tri-Ed has released the 5.3 firmware. ADI has not.]
6 reports cite this report:
Hacked DVRs Surge To 400,000
on Oct 19, 2016
The global internet is under attack from record breaking botnets. And it is getting worse, Mirai doubled in size in the last month.
Hikvision Ezviz Tested
on Dec 28, 2015
Last month, Hikvision Launched Direct End User Sales with their Ezviz line, sold through online and big box channels direct to consumers.
The Hikvision Hacking Scandal Returns
on Sep 22, 2015
With a vengeance.
The last time, the industry mostly shook it off. This time, it is clearly much worse.
In this note, we examine Hikvision's...
Related Reports on Hacking
Broken Hikvision App Exposes Hypocrisy
on Dec 06, 2017
While Hikvision talks about a commitment to cybersecurity, their broken app and their insecure 'solution' exposes not only their engineering...
Hikvision UPnP Hacking Risk
on Dec 04, 2017
Hikvision IP cameras are being hacked even for end users who had not set up port forwarding and believed their cameras were 'safe' behind...
WSJ Investigates Hikvision
on Nov 13, 2017
The Wall Street Journal (WSJ) has released a detailed investigation into Hikvision's government ownership and cybersecurity problems, hitting the...
Hikvision Admits Backdoor 'PR Issue'
on Oct 24, 2017
Hikvision is admitting a problem.
The backdoor itself is evidently not the problem for them.
The problem, according to Hikvision, is a public...
Uniview Recorder Backdoor Examined
on Oct 20, 2017
A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...
Most Recent Industry Reports
Integrator Managing Projects Statistics
on Dec 14, 2017
Who actually manages projects for security integrators? Does the average security integrator have dedicated project managers, or are technicians,...
Hikvision NVR Load Testing
on Dec 14, 2017
IPVM members recently debated Hikvision NVR's performance under load in Hikvision 30+ Cameras On NVR - Apps And Client Really Slow Down And CPU...
This Manufacturer Shuns IP Cameras
on Dec 14, 2017
One manufacturer has chosen a bold strategy in avoiding getting caught up in the race to the bottom: shun IP solutions.
We spoke with an executive...
BBC Features Dahua
on Dec 13, 2017
Hikvision is not the only mega-Chinese video surveillance manufacturer getting global attention. Last month, the WSJ investigated Hikvision and now...
Hiring Camera Calculator Product Manager
on Dec 12, 2017
We are working on making the Camera Calculator even better and hoping you can help us find the right person to join our team.
IPVM is hiring a...