Genetec Now Detects Insecure Camera Firmware

By: Brian Karas, Published on Nov 29, 2017

Genetec is heavily emphasizing cyber security and cyber resilience. From initiatives like CHAVE to 2 Factor Authentication to Expelling Hikvision.

Now, Genetec Security Center will warn if you have vulnerable firmware installed on cameras. The company has released a new feature in Security Center 5.7 that keeps track of most recent firmware for installed devices, issuing a warning if devices are running out of date firmware are connected to ones Genetec system.

We examine Genetec's cyber security-focused firmware management enhancement, including when it can notify users to potentially vulnerable firmware, and where it lacks ability to warn.

******* ** ******* *********** cyber ******** *** ***** resilience. **** *********** **** ***** *** ****** **************** ********* *********.

***, ******* ******** ****** **** **** if *** **** ********** firmware ********* ** *******. The ******* *** ******** a *** ******* ** Security ****** *.* **** keeps ***** ** **** recent ******** *** ********* devices, ******* * ******* if ******* *** ******* out ** **** ******** are ********* ** **** Genetec ******.

** ******* *******'* ***** security-focused ******** ********** ***********, including **** ** *** notify ***** ** *********** vulnerable ********, *** ***** it ***** ******* ** warn.

[***************]

Firmware ******** ********

******** ****** *.* **** the ******* ** ********* if ********* **** ******* are ******* *** **** recent ********* ********, ********* ** *******. To ****** **** *******, Genetec **** **** ******* data **** ******* ********, release *****, *** ***** information ******* ** ***** a ******** ** **** recent ********* ******** *** supported *******. **** ******** is ****** ****** *******'* cloud *******, *** ******** Center *.* (** *****) servers *** ***** **** database *** **** ******/***** type ** ******* ** find *** ****** ********* firmware. ******* ****** *** database ** **** ******* with *** ******** ************ after *** ******* *** verified *** ******* *** compatibility **** ******** ******.

***** **** ******* * notification **** *** ******** is ******** *** * device ** ***** *******, and *** **** *** a ****** ********, ***** using ********* ********* ************ **** ** ** *.*.

** *** ********* ****** report *****, ***** *** 186 ***** ******* ********, 183 ******* (** ****) have ** *********** *******, 1 ****** (***) *** an ****** *** * known *************, *** * (green) **** **** *********** updates *** ******* ***** other **** ***************:

******* **** *** ******* firmware ******** ** ******* regularly, ***** ** ******** releases **** ********.

No ************/*** ********

********* ** *******, ** support ********* ** ******** to ******* ******* ******** update *************. *******, *** Security ****** ****** **** need *** ******, ** order ** ******** *** latest ******** ******** *********** from *******.

No ********* *******

*** ******** ******* ******* only ******** ***** **** a ***** ******* ** firmware ** ********* *** a ******. ** **** not ************* ********, ** install, ******** *** ******** devices, ******* ******* ***** tasks ** ************** ** perform.

Only ***** *** ***** ***************/******

******* ******* ****** ** information **** ************* ** order ** ******* *** firmware ******** *** ******* notes, **** *** ******* to **** ********* **** manufacturers *******. ** * manufacturer **** *** **** it ***** **** * given ******** ******* ********* particular ***************, ******* **** not ** **** ** fully ********** *** ***** associated **** *** ******** firmware. ************, ** *************** have *** **** **********, or ******** *********, ***** may ** ******* ********** firmware **** ** ******** Center ******* ** ** being ** ** ****. Again, **** ** *** to ******* **** ***** able ** **** ** known *********** ***** ******** vulnerabilities ** *****.

Manufacturers *********

******* ****** **** ******** updates *** *** ******** are ********* *********, *** noted **** **** *** more ******** *********** *** the ********* *************:

  • *******
  • ****
  • *****
  • ******
  • *********
  • *********
  • *****
  • ****
  • *******

******* ******* ** **** the ******** ****** ****** agnostic, ********* * **** of ******* ******** *** as **** ************* ** they *** *** ****** to.

Hikvision ********

************** ******** ********* ********* devices *** ******* **** ** will ******* ********* *******/******** as **** ** *** firmware ******** ******* *** and *** *** *********** future. 

Progressive *******

** ** **** *******, we *** *** ***** of *** ***** ***** that *********** ****** ***** when ****** ******** *** be *** ** ****, particularly *** *** ***** devices. **** *********, **** as ********, **** ********* to ****** ******** ************* and ******* *** ***** own ******* *****, ***** is ****** ** ********* ** it ** ****** *** * manufacturer ** **** ***** of ***** *** ******** updates *** ********.

Poll / ****

Comments (10)

Jesse Crawford

OpenEye | 11/29/17 03:22pm

This is a great feature! Nice work Genetec.

Randy Lines

11/29/17 04:41pm

It would be cool if they ran a hash on the firmware as well as opposed to version numbers to be sure that spoofed firmware was not a threat. 

Great Initiative by Genetek.

On the topic of Genetec, I am looking forward to HIK coming back into the fold. Some tension between VMS and manufacturer has the potential to can make both better. Full on war makes them both look a bit worse.

Great article.

rbl

Ian Johnston

In reply to Randy Lines | 12/03/17 08:01pm

Getting a hash of the firmware that is already loaded in the camera, is practically impossible.  In order for this to work, the VMS has to be able to execute the hash of the flash chip, or else the firmware just lies and gives the VMS something it wants to hear.

What we need is a means to have the VMS read the firmware signatures to verify that the firmware build was in fact generated by the manufacturer.

Code signing isn't a silver bullet, but it makes it incrementally more difficult to have rogue firmware loaded in the device.

 

Undisclosed #2

IPVMU Certified | In reply to Ian Johnston | 12/03/17 09:40pm

Related: Secure Boot Could Eliminate Botnets - But Manufacturers Ignore It

Avatar

Jeff Junker

Dell EMC - Video Solutions
11/29/17 05:19pm

This is an important aspect of solution integrity that minimizes use of additional external tools.  Trusted certificate management is another area that should be examined for future automation of security policies.

bashis mcw

11/29/17 05:41pm

Interesting and good stuff

Undisclosed Manufacturer #1

11/29/17 07:02pm

Perhaps IPVM could compile a list of unsecured firmware versions also :-)

Avatar

Kenton Peterson

11/29/17 07:08pm

Great feature. Definitely a value-add piece to sell with all of the concern over cyber security at the moment. However it would be nice if you could just download a file from GTAP and then throw it on a USB to load it onto the Security Center server to update all of the firmware info that way, rather than needing internet access on the SC server.

Avatar

Andrew Elvish

Genetec Inc.
In reply to Kenton Peterson | 11/29/17 07:50pm

Hi Kenton,

This is indeed part of the design.  The Genetec Update Service can act as a proxy so that Security Center does not need to be connected to the internet.  Your RSM can provide you with more details.

Undisclosed Integrator #3

12/04/17 01:39am

It's innovations in the cyber-security field that is the next step for VMS companies. As some have said, not a perfect system, but a heck of a lot better than nothing. A very progressive, relevant and competitive move by Genetec. (From a dealer whose product on occasion goes head to head with Genetec.)

Login to read this IPVM report.

Related Reports

Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
ZKTeco Presents SpeedFace Recognition + Body Temperature Detection on Apr 21, 2020
ZKTeco presented its SF1008+ reader with body temperature and face mask...
Genetec Security Center 5.9 Release Examined on Feb 06, 2020
Genetec released the next major version of Security Center, less than a year...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
BICSI For IP Video Surveillance Guide on Feb 11, 2020
Spend enough time around networks and eventually someone will mention BICSI,...
China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the...
Anyvision Layoffs on Mar 19, 2020
Anyvision has conducted a layoff, citing the impact of coronavirus, joining a...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101...
PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems,...
FLIR Presents Dual Spectrum High Security Focused PTZ on May 01, 2020
FLIR presented its Elara DX-Series bispectral, visible and thermal, PTZ...
Seek Scan Thermal Temperature Screening System Tested on May 28, 2020
Now that IPVM has tested Dahua, Hikvision, and Sunell, we are returning to...
SenseB4 Presents Cloud Network Device Monitoring on Jun 09, 2020
SenseB4 presented its cybersecurity and network health monitoring products at...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see,...
Clinton Electronics Presents Axis Camera Equipped Public View Monitor on Apr 22, 2020
Clinton Electronics presented their Axis camera-equipped corridor mode M10PA...

Recent Reports

Video Analytics Online Show September 2020 Opened - Axis, Avigilon, Bosch, BriefCam, Genetec, Milestone + 30 More on Aug 12, 2020
IPVM's sixth online show will feature 35+ Video Analytics companies...
The German Company Powering Many China Temperature Tablets (Heimann) on Aug 12, 2020
Many fever tablet suppliers market German-made Heimann thermal sensors while...
Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Access Control Course Fall 2020 - Register Now - Save $50 Last Chance on Aug 12, 2020
IPVM offers the most comprehensive access control course in the...
Genetec CEO Declares "We Don't Negotiate Payment With Patent Trolls" on Aug 11, 2020
Are patent trolls like terrorists? Genetec's CEO is coming out strongly...
Hanwha AI Analytics Camera Tested on Aug 11, 2020
Hanwha has released their Wisenet P AI camera, adding person and vehicle...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
HID Releases VertX Replacement Aero on Aug 10, 2020
HID is replacing two established and broadly supported types of access...
NDAA Compliant Video Surveillance Whitelist on Aug 10, 2020
This report aggregates video surveillance products that manufacturers have...
Telpo China Temperature Tablets Tested on Aug 10, 2020
The provider for overseas companies ranging from Canon Singapore to US'...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
"Grand Slam" For Pelco's PE Firm, A Risk For Motorola on Aug 07, 2020
The word "Pelco" and "grand slam" have not been said together for many years....
FLIR Stock Falls, Admits 'Decelerating' Demand For Temperature Screening on Aug 07, 2020
Is the boom going to bust for temperature screening? FLIR disappointed...
VSaaS Will Hurt Integrators on Aug 06, 2020
VSaaS will hurt integrators, there is no question about that. How much...