Arecont and SIA Failing Cybersecurity Efforts

By: John Honovich, Published on Jul 22, 2016

Do as we say, not as we do.

The effective motto of the Security Industry Association and their cyber board member Arecont Vision. Today, the two companies issued an interview where they talked cybersecurity [link no longer available].

Ironically, though both companies fail following their own guide.

** ** ** ***, not ** ** **.

*** ********* ***** ** the ******** ******** *********** and ***** ***** ***** member ******* ******. *****, the *** ********* ****** an ********* ***** **** talked ************* [**** ** longer *********].

**********, ****** **** ********* fail ********* ***** *** guide.

[***************]

The *****

*** ****** ************** *****. ** ** ****** straightforward, ********* ********** *************** like:

******* ** *****.

******* ******* *********.

SIA *******

***'* *** *******, ****://***.****************.***/ **** *** ******* ** HTTPS. 

**** **********, ***'* ***** page **** *** *** HTTPS ***** **** ***'* users ** **** ** getting ***** ********* ******:

[******: *** *** *** fixed ***** ***** **** to *** *****]

*******,*** ****** **** * C** *** *** **** server ******:

Arecont *******

******* ***** ** ******** levels.

***, ******* ******* ** not ******* ***** ** all. ***** ***** ****? Not ** ***. *** even ** ******. (*******: **** ****** ******* ******* Out ** ******)

***, *******'* ***** ****, like ***, **** *** support *****:

[******: ******* ****** *** now **** ***** ****-****, including *** ***** ****.]

*****,******* **** ****** **** a *** *** *** **** report.

****** *** ******** **** seriously, ******* ******** ** no ******** ** ***. Or ** ******* ********* *****:

******* ****** ******* ** not **** **** ************** enabled

"Thought **********"

******, *** *** ******* will ************ ********** ** being '******* *******'. *** would ***** '**********' *** be ******** ** **** followed ***** ***** ********** themselves? Does *** *** ******** deserve ****** **** ****?

*** *** **** ***, in **** **********, **** Arecont ** *** ************* board **** ******* ***** at ******** *********** ****** in ***** *** *****. Do ***** ****?

Comments (7)

U1: I tell you what! All these shady Chinese crap companies.....

U2: They aren't Chinese bruh

U1: WHAT?

U2: They are American?

U1: (blank stare)

Did that make you feel better? ;)

Maybe this is an opportunity for an independent organization to create a rating system on the security of all web enabled cameras, NVR's, DVR's, access control, alarm systems, home automation......deep breath, commercial controls, wireless access point, switches and routers. Some sort of Penetration Test Rating that at the time of Manufacturing a random independent penetration test was conducted. Of course with all the zero-day exploits coming out all the time the rating could go up and down for model #'s.

The organizational model that comes to mind is the IP Code rating on outdoor rated technology. For example granted that IP66 is good enough for most outdoor installations, but if your national security or 100's of lives are at stake then you may want to use IP69. At least you know you did the best you could given whats available to you.

This would create a lot more clarity in the market especially sales people that are up against the out of the box camera system that can be streamed to a smartphone (Very impressive I know). Just ask these people "Does it concern you that there are self learning autonomous servers running 24/7 scanning for your public facing network weaknesses and exploiting them for no reason besides that's what they are programmed to do?" then they will ask for proof and well this is where a White Hat rating system would be a great to reference to cite.

Update: SIA has fixed their login page issue, Arecont still has not.

Update: Arecont Vision has now gone HTTPS site-wide, including the login page.

IPVM making industry manufacturers websites more secure, one HTTPS site at a time!

IPVM, the fly on the butt of the Old Dog known as the security industry.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity on Aug 06, 2019
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
Mobotix First CNPP CCTV Cybersecurity Certification Examined on Sep 05, 2019
Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
Wyze Massive Data Leak on Dec 26, 2019
Wyze has exposed millions of user's data, as reported by Twelve Security, and confirmed by IPVM, who has spoken with Twelve Security and reviewed...

Most Recent Industry Reports

Brivo Business Profile 2020 on Jan 27, 2020
Brivo has been doing cloud access for more than 20 years. Is the 2020s the decade that cloud access becomes the norm? CEO Steve Van Till recently...
Favorite VMS / NVR Manufacturers 2020 on Jan 27, 2020
In 2018, a new winner emerged and a former top choice declined. Now, there is a new #1, a new top 5 finisher and 2 major VMSes in decline. Our...
"Hikvision Football Arena" Lithuania Causes Controversy on Jan 24, 2020
Controversy has arisen in Lithuania over Hikvision becoming a soccer team's top sponsor and gaining naming rights to their arena, with one local MP...
Axis and Genetec Drop IFSEC 2020 on Jan 23, 2020
Two of the best-known video surveillance manufacturers are dropping IFSEC International 2020, joining Milestone who dropped IFSEC in 2019. The...
Multipoint Door Lock Tutorial on Jan 23, 2020
Despite widespread use, locked doors are notoriously weak at stopping entry, and thousands can be misspent on locks that leave doors quite...
Avigilon Shifts Cloud Strategy - Merges Blue and ACC on Jan 23, 2020
Avigilon is shifting its cloud strategy, phasing out its Blue web-managed surveillance platform as a stand-alone brand and merging it with its ACC...
Verkada Paying $100 For Referrals Just To Demo on Jan 22, 2020
Some companies pay for referrals when the referral becomes a customer. Verkada is taking it to the next level - paying $100 referrals fees simply...
Camera Analytics Shootout 2020 - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jan 22, 2020
Analytics are hot again, thanks to a slew of AI-powered cameras, but whose analytics really work? And how do these new smart cameras compare to top...
Intersec 2020 Final Show Report on Jan 21, 2020
IPVM spent all 3 days at the Intersec 2020 show interviewing various companies and finding key trends. We cover: Middle East Enterprise...
Vehicle & Long Range Access Reader Tutorial on Jan 21, 2020
One of the classic challenges for access control are parking lots and garages, where the user's credential is far from the reader. With modern...