Warning: ADI and Tri-Ed Video Products Major Security Risk

By: John Honovich, Published on Sep 22, 2015

Recently, ADI and Tri-Ed both started OEMing Hikvision products. Reference - IPVM test on ADI W Box, IPVM test of Tri-Ed Northern Video.

Both ADI and Tri-Ed are using old firmware (respectively 5.2 and 5.1) that were involved in major Hikvision hacks from March 2015. Since then, Hikvision has released a significant upgrade (see IPVM Hikvision 5.3 test results) to help mitigate the core problems.

Why ADI and Tri-Ed are still using risky, out of date firmware is unclear.

[UPDATE: Tri-Ed has fixed / upgraded to 5.3]

However, this is clearly shown when connecting ADI and Tri-Ed cameras to Hikvision's VMS:

This month, Hikvision has been hit with another hacking incident (this time for its mobile app). While ADI and Tri-Ed's app versions do not appear to be infected for this (because they are using older app versions that were not compromised), this does underscore Hikvision and their OEM partners continued risk for other attacks (such as out of date 'risky' camera firmware).

Upgrade Not Possible

IPVM has verified that upgrading ADI and Tri-Ed OEMed cameras with the 'strong' security version from Hikvision will not work. Unforunately, as of this publication, there are no released ADI and Tri-Ed versions available.

Risks

The reality is that the average ADI and Tri-Ed user is likely buying for low price and on the shelf convenience, not considering such issues. However, it does not mean these issues disappear.

Worse, once this is installed, the firmware may not be upgraded ever (or for years) leaving these vulnerabilities open indefinitely for attack.

If and when upgraded 'strong' security firmware versions are released, we will add to this post.

[Update March 2016: Tri-Ed has released the 5.3 firmware. ADI has not.]

6 reports cite this report:

Hacked DVRs Surge To 400,000 on Oct 19, 2016
The global internet is under attack from record breaking botnets. And it is...
ADI Finally Fixes Hikvision OEM'd Security Risk on Jun 09, 2016
After refusing for months to fix the obvious security risks, ADI has given in...
ADI Refuses to Fix Their OEM'd Hikvision Security Risks [Solved] on Mar 09, 2016
More than a year after massive hacks against Hikvision was disclosed; More...
Hikvision Ezviz Tested on Dec 28, 2015
Last month, Hikvision Launched Direct End User Sales with their Ezviz line,...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity...
Hikvision Trojan Mobile App on Sep 22, 2015
With a vengeance. The last time, the industry mostly shook it off. This...
Comments (19) : Members only. Login. or Join.

Related Reports

Avigilon Now Available At ADI In EMEA, Not Americas on Jul 21, 2020
ADI, the home for Dahua and Hikvision flash sales, is now selling Motorola...
K3 Pro Wall Mounted IR Gun Tested on Aug 28, 2020
The original K3 model was lacking in features that the K7 model had and was...
Taiwan Lilin NDAA Compliant Cameras Tested on Aug 13, 2020
Taiwan-based manufacturer Lilin is taking direct aim at Dahua and Hikvision...
Dahua, Hikvision, ZKTeco Face Mask Detection Shootout on Jun 19, 2020
Temperature tablets with face mask detection are one of the hottest trends in...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
K7 Wall Mounted IR Temp Gun Tested on Jun 26, 2020
The original K3 model was missing a number of important features but the...
Mobotix 7 Line Camera Tested on Mar 12, 2020
Mobotix is attempting a turn-around, struggling for years, then releasing the...
Avigilon Open Analytics Tested on Apr 16, 2020
After years of effectively closed analytics, Avigilon decided in late 2018 to...
Dahua Critical Cloud Vulnerabilities on May 12, 2020
Dahua has acknowledged a series of cloud vulnerabilities that researcher...
Video Analytics Online Show 2020 - 35+ Manufacturer On-Demand Recordings on Sep 04, 2020
This show featured 35+ Video Analytics providers showcasing their latest...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
YOLOv5 Released Amidst Controversy on Jul 27, 2020
YOLO has gained significant attention within video surveillance for its...
Verkada Falsely Claims "First Native Cloud-based Access Control and Video Security Solution" on Jun 18, 2020
Verkada's false claims continue, this time to be the first native cloud-based...
Video Surveillance Trends 101 on Apr 01, 2020
This report examines major industry factors and how they could impact video...
Quantum Dots Potential for Surveillance Cameras Explained on Sep 08, 2020
Quantum dots are starting to be used in TVs for better images, but how will...

Recent Reports

OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...
Axis Exports To China Police Criticized By Amnesty International on Sep 21, 2020
Axis Communications and other EU surveillance providers are under fire from...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...