Arecont and SIA Failing Cybersecurity Efforts

By: John Honovich, Published on Jul 22, 2016

Do as we say, not as we do.

The effective motto of the Security Industry Association and their cyber board member Arecont Vision. Today, the two companies issued an interview where they talked cybersecurity [link no longer available].

Ironically, though both companies fail following their own guide.

** ** ** ***, not ** ** **.

*** ********* ***** ** the ******** ******** *********** and ***** ***** ***** member ******* ******. *****, the *** ********* ****** an ********* ***** **** talked ************* [**** ** longer *********].

**********, ****** **** ********* fail ********* ***** *** guide.

[***************]

The *****

*** ****** ************** *****. ** ** ****** straightforward, ********* ********** *************** like:

******* ** *****.

******* ******* *********.

SIA *******

***'* *** *******, ****://***.****************.***/ **** *** ******* ** HTTPS. 

**** **********, ***'* ***** page **** *** *** HTTPS ***** **** ***'* users ** **** ** getting ***** ********* ******:

[******: *** *** *** fixed ***** ***** **** to *** *****]

*******,*** ****** **** * C** *** *** **** server ******:

Arecont *******

******* ***** ** ******** levels.

***, ******* ******* ** not ******* ***** ** all. ***** ***** ****? Not ** ***. *** even ** ******. (*******: **** ****** ******* ******* Out ** ******)

***, *******'* ***** ****, like ***, **** *** support *****:

[******: ******* ****** *** now **** ***** ****-****, including *** ***** ****.]

*****,******* **** ****** **** a *** *** *** **** report.

****** *** ******** **** seriously, ******* ******** ** no ******** ** ***. Or ** ******* ********* *****:

******* ****** ******* ** not **** **** ************** enabled

"Thought **********"

******, *** *** ******* will ************ ********** ** being '******* *******'. *** would ***** '**********' *** be ******** ** **** followed ***** ***** ********** themselves? Does *** *** ******** deserve ****** **** ****?

*** *** **** ***, in **** **********, **** Arecont ** *** ************* board **** ******* ***** at ******** *********** ****** in ***** *** *****. Do ***** ****?

Comments (7)

U1: I tell you what! All these shady Chinese crap companies.....

U2: They aren't Chinese bruh

U1: WHAT?

U2: They are American?

U1: (blank stare)

Did that make you feel better? ;)

Maybe this is an opportunity for an independent organization to create a rating system on the security of all web enabled cameras, NVR's, DVR's, access control, alarm systems, home automation......deep breath, commercial controls, wireless access point, switches and routers. Some sort of Penetration Test Rating that at the time of Manufacturing a random independent penetration test was conducted. Of course with all the zero-day exploits coming out all the time the rating could go up and down for model #'s.

The organizational model that comes to mind is the IP Code rating on outdoor rated technology. For example granted that IP66 is good enough for most outdoor installations, but if your national security or 100's of lives are at stake then you may want to use IP69. At least you know you did the best you could given whats available to you.

This would create a lot more clarity in the market especially sales people that are up against the out of the box camera system that can be streamed to a smartphone (Very impressive I know). Just ask these people "Does it concern you that there are self learning autonomous servers running 24/7 scanning for your public facing network weaknesses and exploiting them for no reason besides that's what they are programmed to do?" then they will ask for proof and well this is where a White Hat rating system would be a great to reference to cite.

Update: SIA has fixed their login page issue, Arecont still has not.

Update: Arecont Vision has now gone HTTPS site-wide, including the login page.

IPVM making industry manufacturers websites more secure, one HTTPS site at a time!

IPVM, the fly on the butt of the Old Dog known as the security industry.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Guide

Access Control Door Controllers Guide on Oct 22, 2019
Door controllers are at the center of physical access control systems connecting software, readers, and locks. Despite being buried inside...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
IPVM Camera Calculator User Manual / Guide on Oct 16, 2019
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The guide below includes instructions, images, gifs, and videos...
Camera Focusing Tutorial on Oct 14, 2019
Camera focus is fundamental to quality imaging. Mistakes can significantly reduce details, making cameras less effective. In this guide, we...
Last Chance - Register Now - October 2019 IP Networking Course on Oct 10, 2019
Last Chance - Register Now - Fall 2019 IP Networking Course. The course starts next week. This is the only networking course designed...
Camera Cable Whip Guide on Oct 02, 2019
Cable whips are one of integrator's least favorite camera features but seem to be unavoidable, now commonplace on dome, turret, and bullet cameras...
Wide Dynamic Range (WDR) Guide on Oct 01, 2019
Understanding wide dynamic range (WDR) is critical to capturing high quality images in demanding conditions. However, with no real standards, any...
Access Control Mustering Guide on Sep 30, 2019
In emergencies, determining where employees are located can be critical for knowing whether they are in danger. Access systems can be used for...
Access Control Mantraps Guide on Sep 26, 2019
One of access's primary goals is keeping people out of places they should not be, but slipping through open doors (ie: Tailgating) is often...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...

Most Recent Industry Reports

Resideo Stock Plunges 40%, CFO Ousted on Oct 23, 2019
The horrible year for the ADI / Honeywell Home spinout, Resideo, just got worse, with their stock plunging another 40% today. Not even a year...
Access Control Door Controllers Guide on Oct 22, 2019
Door controllers are at the center of physical access control systems connecting software, readers, and locks. Despite being buried inside...
Alarm.com Acquires OpenEye on Oct 21, 2019
Alarm.com is targeting commercial expansion and now they have a commercial cloud VMS with the acquisition of OpenEye. In this note, based on...
Government-Owned Hikvision Wants To Keep Politics Out Of Security on Oct 21, 2019
'Politics' made Hikvision the goliath it is today. It was PRC China 'politics' that created Hikvision, funded it, and blocked its foreign...
Integrated IR Camera Usage Statistics 2019 on Oct 21, 2019
Virtually every IP camera now comes with integrated IR but how many actually make use of IR or choose 'super' low light cameras without IR? In...
Alarm Veteran "Demands A Criminal Investigation" Of UL on Oct 18, 2019
The Interceptor's Project pressure against UL continues to rise. Following Keith Jentoft's allegation that "UL Has Blood On Their Hands", Jentoft...
Camect "Worlds Smartest Camera Hub" Tested on Oct 18, 2019
Camect is a Silicon Valley startup that claims the "Smartest AI Object Detection On The Market", detecting not only people and vehicles, but...
Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Camera Calculator V3.1 Release Improves User Experience on Oct 17, 2019
IPVM has released a new version of our Camera Calculator, V3.1, with significant user experience improvements, a new development plan, and an...