Marketing Claim: "If You Have An Axis IP Camera You Are At Risk"

JH
John Honovich
Dec 02, 2016
IPVM

This is the first company we have seen run marketing attacking Axis for their summer critical security vulnerability.

The HTML page title is 'Security Breach Axis IP Camera' and the key claim on the page is:

Checkvideo / Cernium was acquired by Kastle in 2013. CheckVideo primarily does remote video monitoring / video analytics.

It is a little strange for 2 reasons:

  • They are not really direct competitors. CheckVideo has more of a niche.
  • The bold 'Axis IP Camera you are at risk' seems a little strong. One certainly may be at risk depending on firmware and network topology but the same can be said for a number of manufacturers.

On the other hand, the Axis vulnerability allowed unauthenticated root access so it was clearly critical.

Any thoughts about companies using Axis vulnerability for marketing purposes?

Avatar
Greg Thornbury
Dec 02, 2016
Facility Solutions Group, Inc. • IPVMU Certified

IMHO this is a cheap shot. As you say, a number of manufacturers have documented vulnerabilities.

I also think a lot of end users would question the implication that 'cloud managed' equals a 'secure network'.

Just my .02

(6)
U
Undisclosed #2
Dec 02, 2016

"IMHO this is a cheap shot. As you say, a number of manufacturers have documented vulnerabilities."

Axis is a well-known IP camera in the wild... meaning you don't have to be in the physical security industry to recognize the brand.

Maybe customers in this niche that Checkvideo sells into use a lot of Axis IP cameras?

From a marketing perspective - if the sentence above is true - it would seem a well-targeted effort, no?

***I Do not work for any of the above-mentioned firms***

Avatar
Greg Thornbury
Dec 02, 2016
Facility Solutions Group, Inc. • IPVMU Certified

My issue is with the message and the almost scare tactics. 'immediate action to secure your system' assumes a lot, and throwing any specific manufacturer in with it carries the assumptions too far for me.

Based on the degree of intelligence of our customer base, I would like to think that a lot of other integrators have clients that understand networks, risk, etc. of connected devices and take appropriate measures to mitigate these risks. My customer base would certainly not respond positively if we threw something like this out there.....

(2)
UD
Undisclosed Distributor #1
Dec 02, 2016

I'm sorry, when you have the words "Cloud" and "Security" in the same sentence you have failed. Maybe it should be "Cloud" and "trusting some unknown entity to manage this and hope something doesn't go wrong".

(1)
(1)
U
Undisclosed #3
Dec 02, 2016

I suspect they are using the Axis name purely for SEO.

(2)
Avatar
John Day
Dec 05, 2016
LMN Software Corp

Too bad they missed a real opportunity - they should have said "If you have a security system that is linked to the internet there is a good chance that you are vulnerable".

My use of "Good Chance" is (my guess) between 40% and 60% of IP based security systems. This guess is based on:

1/ Systems that haven't been updated in 3 years likely have vulnerable routers

2/ Most published camera vulnerabilities haven't (ever) been patched

3/ Most security companies don't know how to work with a router and either leave too many ports open or use the router's DMZ

4/ Many client IT departments don't want to "own" the security system

Instead of highlighting an industry problem they took the easy road. The use of Axis was just a cheap shot...

(1)
U
Undisclosed
Dec 05, 2016

got a specific URL of this statement? I think it's a bit loud but then again they all say loud things about each other and always have, it appears to be the norm.

JH
John Honovich
Dec 05, 2016
IPVM

Rodney, here is the URL; also they are offering a free network assessment, maybe they can teach you a thing or two ;)

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions