Genetec Now Detects Insecure Camera Firmware

By Brian Karas, Published on Nov 29, 2017

Genetec is heavily emphasizing cyber security and cyber resilience. From initiatives like CHAVE to 2 Factor Authentication to Expelling Hikvision.

Now, Genetec Security Center will warn if you have vulnerable firmware installed on cameras. The company has released a new feature in Security Center 5.7 that keeps track of most recent firmware for installed devices, issuing a warning if devices are running out of date firmware are connected to ones Genetec system.

We examine Genetec's cyber security-focused firmware management enhancement, including when it can notify users to potentially vulnerable firmware, and where it lacks ability to warn.

Firmware ******** ********

******** ****** *.* **** the ******* ** ********* if ********* **** ******* are ******* *** **** recent ********* ********, ********* ** *******. To ****** **** *******, Genetec **** **** ******* data **** ******* ********, release *****, *** ***** information ******* ** ***** a ******** ** **** recent ********* ******** *** supported *******. **** ******** is ****** ****** *******'* cloud *******, *** ******** Center *.* (** *****) servers *** ***** **** database *** **** ******/***** type ** ******* ** find *** ****** ********* firmware. ******* ****** *** database ** **** ******* with *** ******** ************ after *** ******* *** verified *** ******* *** compatibility **** ******** ******.

***** **** ******* * notification **** *** ******** is ******** *** * device ** ***** *******, and *** **** *** a ****** ********, ***** using ********* ********* ************ **** ** ** *.*.

** *** ********* ****** report *****, ***** *** 186 ***** ******* ********, 183 ******* (** ****) have ** *********** *******, 1 ****** (***) *** an ****** *** * known *************, *** * (green) **** **** *********** updates *** ******* ***** other **** ***************:

******* **** *** ******* firmware ******** ** ******* regularly, ***** ** ******** releases **** ********.

No ************/*** ********

********* ** *******, ** support ********* ** ******** to ******* ******* ******** update *************. *******, *** Security ****** ****** **** need *** ******, ** order ** ******** *** latest ******** ******** *********** from *******.

No ********* *******

*** ******** ******* ******* only ******** ***** **** a ***** ******* ** firmware ** ********* *** a ******. ** **** not ************* ********, ** install, ******** *** ******** devices, ******* ******* ***** tasks ** ************** ** perform.

Only ***** *** ***** ***************/******

******* ******* ****** ** information **** ************* ** order ** ******* *** firmware ******** *** ******* notes, **** *** ******* to **** ********* **** manufacturers *******. ** * manufacturer **** *** **** it ***** **** * given ******** ******* ********* particular ***************, ******* **** not ** **** ** fully ********** *** ***** associated **** *** ******** firmware. ************, ** *************** have *** **** **********, or ******** *********, ***** may ** ******* ********** firmware **** ** ******** Center ******* ** ** being ** ** ****. Again, **** ** *** to ******* **** ***** able ** **** ** known *********** ***** ******** vulnerabilities ** *****.

Manufacturers *********

******* ****** **** ******** updates *** *** ******** are ********* *********, *** noted **** **** *** more ******** *********** *** the ********* *************:

  • *******
  • ****
  • *****
  • ******
  • *********
  • *********
  • *****
  • ****
  • *******

******* ******* ** **** the ******** ****** ****** agnostic, ********* * **** of ******* ******** *** as **** ************* ** they *** *** ****** to.

Hikvision ********

************** ******** ********* ********* devices *** ******* **** ** will ******* ********* *******/******** as **** ** *** firmware ******** ******* *** and *** *** *********** future. 

Progressive *******

** ** **** *******, we *** *** ***** of *** ***** ***** that *********** ****** ***** when ****** ******** *** be *** ** ****, particularly *** *** ***** devices. **** *********, **** as ********, **** ********* to ****** ******** ************* and ******* *** ***** own ******* *****, ***** is ****** ** ********* ** it ** ****** *** * manufacturer ** **** ***** of ***** *** ******** updates *** ********.

Poll / ****

Comments (10)

Jesse Crawford

OpenEye | 11/29/17 03:22pm

This is a great feature! Nice work Genetec.

Randy Lines

11/29/17 04:41pm

It would be cool if they ran a hash on the firmware as well as opposed to version numbers to be sure that spoofed firmware was not a threat. 

Great Initiative by Genetek.

On the topic of Genetec, I am looking forward to HIK coming back into the fold. Some tension between VMS and manufacturer has the potential to can make both better. Full on war makes them both look a bit worse.

Great article.

rbl

Ian Johnston

In reply to Randy Lines | 12/03/17 08:01pm

Getting a hash of the firmware that is already loaded in the camera, is practically impossible.  In order for this to work, the VMS has to be able to execute the hash of the flash chip, or else the firmware just lies and gives the VMS something it wants to hear.

What we need is a means to have the VMS read the firmware signatures to verify that the firmware build was in fact generated by the manufacturer.

Code signing isn't a silver bullet, but it makes it incrementally more difficult to have rogue firmware loaded in the device.

 

Undisclosed #2

IPVMU Certified | In reply to Ian Johnston | 12/03/17 09:40pm

Related: Secure Boot Could Eliminate Botnets - But Manufacturers Ignore It

Avatar

Jeff Junker

Dell EMC - Video Solutions
11/29/17 05:19pm

This is an important aspect of solution integrity that minimizes use of additional external tools.  Trusted certificate management is another area that should be examined for future automation of security policies.

bashis mcw

11/29/17 05:41pm

Interesting and good stuff

Undisclosed Manufacturer #1

11/29/17 07:02pm

Perhaps IPVM could compile a list of unsecured firmware versions also :-)

Avatar

Kenton Peterson

11/29/17 07:08pm

Great feature. Definitely a value-add piece to sell with all of the concern over cyber security at the moment. However it would be nice if you could just download a file from GTAP and then throw it on a USB to load it onto the Security Center server to update all of the firmware info that way, rather than needing internet access on the SC server.

Avatar

Andrew Elvish

Genetec Inc.
In reply to Kenton Peterson | 11/29/17 07:50pm

Hi Kenton,

This is indeed part of the design.  The Genetec Update Service can act as a proxy so that Security Center does not need to be connected to the internet.  Your RSM can provide you with more details.

Undisclosed Integrator #3

12/04/17 01:39am

It's innovations in the cyber-security field that is the next step for VMS companies. As some have said, not a perfect system, but a heck of a lot better than nothing. A very progressive, relevant and competitive move by Genetec. (From a dealer whose product on occasion goes head to head with Genetec.)

Read this IPVM report for free.

This article is part of IPVM's 6,584 reports, 886 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
The Insecure Verkada Access Control System on Jun 25, 2020
While Verkada touts the security of its system and that how their new door...
Free Online NFPA, IBC, and ADA Codes and Standards 2020 on Sep 03, 2020
Finding applicable codes for security work can be a costly task, with printed...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
Ultra-Wideband (UWB) And The Future of Mobile Electronic Access Control on Oct 07, 2020
In the last year, Ultra-Wideband (UWB) has gained support from new phones...
Favorite Access Control Credentials 2020 on Sep 15, 2020
Credential choice is more debated than ever, with hacking risk for 125kHz and...
Video Surveillance 101 Book Released on Jul 07, 2020
IPVM's unique introduction to video surveillance series is now available as a...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
Clinton Public View Monitor (PVM) Mask Detection Tested on Jul 09, 2020
Face mask detection, or more specifically not wearing one, is expanding...
Avigilon ACC Cloud Tested on Jul 08, 2020
Avigilon merged Blue and ACC, adding VSaaS features to its on-premise VMS,...
SenseB4 Presents Cloud Network Device Monitoring on Jun 09, 2020
SenseB4 presented its cybersecurity and network health monitoring products at...
FLIR Screen-EST Screening Software Tested on Jun 30, 2020
In our FLIR A Series Test, the cameras' biggest drawback was their lack of...

Recent Reports

Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...
Dahua Revenue Grows But Profits Down, Cause Unclear on Oct 20, 2020
While Dahua's overall revenue was up more than 12% in Q3 2020, a significant...
Illegal Hikvision Fever Screening Touted In Australia, Government Investigating, Temperature References Deleted on Oct 20, 2020
The Australian government told IPVM that they are investigating a Hikvision...
Panasonic Presents i-PRO Cameras and Video Analytics on Oct 19, 2020
Panasonic presented its i-PRO X-Series cameras and AI video analytics at the...
Augmented Reality (AR) Cameras From Hikvision and Dahua Examined on Oct 19, 2020
Hikvision, Dahua, and other China companies are marketing augmented reality...
18 TB Video Surveillance Drives (WD and Seagate) on Oct 19, 2020
Both Seagate and Western Digital recently announced 18TB hard drives...
Watrix Gait Recognition Profile on Oct 16, 2020
Watrix is the world's only gait recognition surveillance provider IPVM has...
Intel Presents Edge-to-Cloud Ecosystem for Video Analytics on Oct 16, 2020
Intel presented its processors and software toolkit for computer vision at...
Microsoft Azure Presents Live Video Analytics on Oct 15, 2020
Microsoft Azure presented its Live Video Analytics offering at the September...
Worst Manufacturer Technical Support 2020 on Oct 15, 2020
4 manufacturers stood out as providing the worst technical support to ~200...
Clorox Announces, Then Pulls, Fever Camera on Oct 15, 2020
For almost one week, Clorox was marketing fever cameras. The booming...
Faulty Hikvision Fever Cam Setup at Mexico City Basilica and Cathedral on Oct 14, 2020
Donated Hikvision fever cameras (claiming screening of 1,800 people/min. with...
Directory of 211 "Fever" Camera Suppliers on Oct 14, 2020
This directory provides a list of "Fever" scanning thermal camera providers...