Cyberattacks are a part of the current atmosphere of network computing devices. Due to this reality, VIVOTEK pushes forth with industry best practices in order to reduce security vulnerabilities in our products.
VIVOTEK cybersecurity assurance efforts are built into the lifecycle of its products, including development, verification, manufacturing, delivery and service. We are constantly evaluating and enhancing our cybersecurity efforts in order to provide our valued customers with the highest quality and most reliable products. Although VIVOTEK cannot protect standardized network protocols and services from cyberattacks, we are committed to helping minimize and stopping such events from occurring on VIVOTEK products.
Collaborating in Cyber Protection
Cybersecurity Management |
Alliance with Trend Micro |
Understand Cyber Risks |
In collaboration with industry-leading cybersecurity software partners, VIVOTEK focuses on making network security products and software that meet industry protocols as well as constantly developing shields to increase your protection from various cyberattacks. By choosing VIVOTEK solutions, users can experience not only high-quality products, but also safer network environments.
Cybersecurity Management
VIVOTEK follows the best industry practices in building our security solutions, from product design and firmware development to 3rd party testing and reviews:
- Follows the Open Web Application Security Project (OWASP) Top 10 Guideline for IoT device, mobile, and website codes.
- Performs internal product security code reviews.
- Applies static code analysis to make sure software reliability and code quality.
- Conducts penetration testing by Devcore, a 3rd party security advisor for review and recommendation.
- Provides the Vulnerability Policy, Hardening Guide, and Security Advisories for users to understand their cybersecurity needs and risks.
Cybersecurity Report Process
Timely response and transparency
Alliance with Trend Micro
VIVOTEK is the world’s first network surveillance solution manufacturer to cooperate with the world-renowned cybersecurity company, Trend Micro. Through network cameras armed with Trend Micro’s anti-intrusion software, VIVOTEK brings high security and robust network surveillance to secure lives and protect data. |
Multi-Layer Protection Solution for Surveillance Cameras
- Brute Force Attack Detection
When the system detects brute-force attacks based on a defined number of failed login attempts, it will automatically activate a defense mechanism to block that IP address and prevent further attacks.
- Intrusion Detection and Prevention
After shutting down if any malware or abnormal access behavior is detected, any attempt to control the console, access controversial websites, or any intrusion behavior will be automatically secured by the offense mechanism.
- Instant Damage Control
If an unknown attack occurs, the system will remotely patch all data and transfer it to the anti-intrusion team to analyze and solve it in a timely manner, effectively decreasing the spread of internal infections, and letting users get back to work safely and quickly.
Trend Micro Security for Surveillance Cameras (TMIS-CAM)
Understand Your Cyber Risks
To safeguard the network, we encourage users to better understand the risks and apply the recommended solutions to reduce their vulnerabilities from cyberattacks:
- Use a strong password (Never use the default password).
- Download the latest firmware to fix bugs and vulnerabilities.
- Follow VIVOTEK’s Vulnerability Policy to know how to manage and respond to security vulnerabilities.
- Implement VIVOTEK’s Hardening Guide to secure basic, advanced, or enterprise infrastructures.
- Refer Security Advisories to help reduce risks of known vulnerabilities.
Product Security
News Update
- 2018/1/24: KRACK – WPA2 key reinstallation attacks, Advisory ID: VVTK-SA-2018-002
- 2018/1/10: Unauthorized information disclosure through CPU side-channel attacks in Advisory ID: VVTK-SA-2018-001
- 2017/11/14: new firmware available for Advisory ID: vvtk-sa-20171001-01: Remote Stack Overflow of Web Server
Security Advisory
Advisory ID | Advisory | Status | Last Updated |
---|---|---|---|
VVTK-SA-2018-002 | KRACK – WPA2 key reinstallation attacks | Confirmed | Jan 24 2018 |
VVTK-SA-2018-001 | CPU side-channel attacks “Meltdown” and “Spectre” | Confirmed | Jan 10 2018 |
vvtk-sa-20171001-01 | Remote Stack Overflow of Web Server | Fixed | Nov 14 2017 |
vvtk-sa-20170621-01 | CVE-2017-9765 – gSOAP | Fixed | Aug 17 2017 |
vvtk-sa-20170623-02 | CVE-2017-9829 – Arbitrary File Download | Fixed | Nov 10 2017 |
vvtk-sa-20170623-01 | CVE-2017-9828 – Shell Command Injection | Fixed | Nov 10 2017 |
– | Cybersecurity Announcement Jul 7 2017 | Fixed | Jul 7 2017 |
– | Cybersecurity Announcement Nov 4 2016 | Confirmed | Nov 4 2016 |
Downloads |
||
Vulnerability Policy |
Security Hardening Guide |
Feature Article |
Contact Information
Please contact us at security@vivotek.com to report a vulnerability or other security concern. For other support issues, please contact technical@vivotek.com.