Why this exists
Most break-ins start with someone disabling a camera. The cheap way is physical (cover the lens). The smarter way is digital: log into the NVR with default creds and pause recording. We test for the digital version so you know whether your $5,000 camera install can be shut off in 30 seconds by anyone with a phone.
What gets tested
- Default credentials on every camera + the NVR. Hikvision/Dahua/Reolink/Amcrest models have well-known defaults that are still set on roughly 30% of small-business systems.
- RTSP / ONVIF exposure — can your camera streams be pulled by anyone on the same network without auth? Often yes if the previous installer didn't lock it down.
- Mobile-app auth weaknesses — replay attacks, hardcoded API keys in the vendor mobile app, no TLS certificate pinning, so MITM is trivial.
- NVR firmware CVEs — we cross-reference your NVR model + firmware version against the published CVE database. Hikvision, Dahua, and Annke have had remote-code-execution CVEs (some still unpatched on older firmware).
- UPnP / port-forward exposure — does your router auto-forward NVR ports to the public internet? More common than you'd think on small-business consumer routers.
- Cloud-app account takeover — if the vendor offers a cloud login (Hik-Connect, EZVIZ, Reolink Cloud), can the password be reset via SMS to an attacker's number?
- Retention reality check — you say "30-day retention." We pull a clip from 30 days ago and verify it's actually there + watchable. Often retention silently fails when a drive fills.
- Tamper-detection coverage — if a camera is physically covered or unplugged, does the system actually alert? Many small-business systems claim to and don't.
What you get
- Per-finding remediation — specific steps for your specific NVR brand. Not generic "change default passwords" advice; an actual click-by-click remediation guide.
- Insurance-ready report — some insurers now ask for a camera-system security review. The report is formatted so it lands cleanly with their underwriter.
- Live debrief — 45-60 min walk-through. Covers what was tested, what was found, what to fix first.
- Pairs naturally with new-install proposals — if findings are bad enough that replacing the system is cheaper than fixing it, we tell you that, with a written quote referencing the camera tiers.
Pricing
Single-site camera review: from $750. 4-6 hours on-site (mostly non-disruptive). Report + debrief within 1 week.
Multi-location review: from $400/site after the first.
If you proceed with a new install after the review, the review fee is credited toward the install quote.