No Brainer Idea For Manufacturers To Stay Current With Cyber Security: Automatic Firmware Upgrades

I understand their are concerns, but i feel the risk to not have it is much greater than having it. 

My suggestion would be to make an optional checkbox to receive the upgrades, that way if some users dont want them, its their choice.

Then send the user a push notification of some sort to notify them their is a new firmware with clear instructions on how to properly receive the upgrade.

The way our alarm panels upgrade is this. We send the command via the dealer cloud portal. The cloud sends the firmware to the panel. The alarm panel operation is not stopped during this time. The panel confirms that the firmware is good and was recieved completly. Then it actually upgrades the panels firmware. We have never had a firmware update screw up an alarm panel since this platform came online over a year ago. 

That something goes wrong is an accepted risk in the process, as long as it can be managed in a good way, ie. when you're about to update cameras/whatever in quantity, you could do a batch of maybe 20 at most with a single click, then make sure everything works, then continue or fix any issues if they arise. If typically everything works out perfect, while not ideal, this wouldn't be too much administrative overhead for someone who wants to have control over the applied updates.

The admin and users of a particular system can probably work out a patching schedule, but there perhaps should be some easy guidelines available on how to implement those things, from a small store to a multi-site enterprise environment.

If only the tools and assistance to do the actual update reliably were there, much of the other stuff concerns the procedures in place and the support available in the VMS/whatever. Of course one couldn't really know much about the content of the updates or whether they break things or not, but if it's simple to handle them like "./update_cam 10.1.1.55 firmware_2017_09_29.bin" one could in some cases put this up in Jenkins or so for acceptance testing with a real camera, to test certain important things from the end-user perspective, like that the camera can be accessed with the configured IP, image is recorded, certain settings are enabled and so on.

This is an ongoing process for sure.

You can push firmwares thru to the cameras via the NVR. So any camera that is connected to the NVR can receive upgrades as well.

Yes, it's convenient with <particular_brand> to update the firmware of many cameras at once.

I think thats overthinking it. All you do is send a push notification to the end user asking if they want to upgrade the firmware or not. If they say yes, then they receive the upgrade. Im not a programmer by any means so I dont know the complexitities but what I do know is that there are already tons of devices that do this and have been doing it for years.

Like Microsoft or Apple?

A compatible way to update firmware from the VMS would be nice indeed, it's a pain when you have a wide range of models and can't manage all of the updates in one place, instead you can perhaps handle a bunch of them with one software and another with something else, and some you just have to resort to manually update via the web interface. And some you can't update at all :(

ONVIF is not as well implemented as I think we would all like.  I think part of the reason is the complexity and the lack of proprietary lock-in.  Once everything is plug and play compatible, it becomes often a race to the commodity bottom.  Suppliers do not like creating a system that may hasten their demise.  (Uber drivers should take note...)

Supporting ONVIF fully as well as your proprietary methods used for brand loyalty support, is labor intensive from a development point of view.  If your "in" into the market is disruptive pricing, then this expense gets in the way of your marketing plan.

Look at Ubiquiti networks, who does just that.  At times they have great products with horribly buggy software that they let the "community" beta test and work out the kinks in for several months before most folks should depend on it.  They have no real SNMP support (the networking semi-equivalent to ONVIF) for most of their products, but still they are successful.  Partly because of their low price points and partly because unlike similarly priced low-end products with more robust features, once they are stable, they tend to be reliable long-term and prevent truck rolls.  They eschew standard features and industry compatibility for proprietary solutions.  Listen to their quarterly call-ins where they boast about their customer lock-in as one key to their success.  Note that as their software complexity goes up and they join the wider community of standards, their prices go up as well.  There is no such thing as a free lunch.

Long term there needs to be enough margin to support the upgrades of the older buggy software as defects are discovered and that makes the ultra-lowcost solutions harder to build/purchase.  You get what you pay for?  Sometimes.  Some high priced vendors take lots of money up front and still do a very poor job of support and security.  Where is their excuse as they are the ones generally complaining loudly about their low costs competition bad practices?  A look in their mirrors could be enlightening.

How hard does that low-cost vendor really want to work for a $70 IP camera?  How many purchasers will be able to see an ONVIF certification stamp and decide that means all of them are equal so their job is to pick the lowest priced option.

I think underestimating how truly difficult and labor intensive software development and support is, creates a gap in expectation vs. reality.  We can write books on the subject, but in summary I think it can be like trying to nail Jello to the wall in a hurricane on a hot day with thumb tacks much of the time.  Lots of pressures fighting against you and little support from anyone.

Long term I agree that managed updates are the only reliable way for larger installations to succeed.  You will need a human to read the release notes, understand the business requirements, satisfy the logistical and political environment needs, etc...   

For mom and pop installations the automatic update would help, but should not be the only option.  These issues put more pressure to migrate to SAAS again since many end users do not want to deal with these sorts of details.

How effective would a piece of software be in recognizing whether a firmware update was hostile? Even antivirus has difficulty recognizing malicious files until a good signature can be developed for that particular threat. Considering physec hardware threats have considerably less volume, I'm not sure any application could be effective in automatically detecting threats - especially if the threat was designed to wait a few weeks before contacting a botnet for example.

Probably the best protection against this is to use PKCS to sign the firmware so the hardware will only apply firmware which was signed by the organization's (hopefully) secure private key. Ideally there would be multiple layers of protection. There was a thread a while back about kernel support for executing only properly signed code as well for example.

Thanks for posting this. I hadn't seen it yet. We'll see if we can get some information on what the auto-check actually does. What was that firmware running on?

Yes in most of there newest firmware's they have auto checking of updates. 

I haven't seen a machine do a update from a pushed update yet but they are for sure rolling it out. 

Uniview has had cloud updating for a long time and it works well.

Thats great! Hopefully it actually works! curious how one receives notification to receive update. What they really need is to be shown on their phone or whenevet they login to their DVR thru any method