Genetec Comments on Washington DC MPD Hack

Author: Brian Karas, Published on Mar 13, 2017

This January, the Washington DC police video surveillance system was hacked with ransomware, impacting 123 of 187 cameras.

Last month, IPVM confirmed that the police system was using Genetec recorders, Axis cameras and Cradlepoint equipment.

Now, Genetec has responded to IPVM's request with a preliminary statement.

Genetec: No Fault In Omnicast

After conducting an initial investigation, Genetec offered the following statement to IPVM:

"To the best of our knowledge, no security vulnerability was discovered, nor exploited within our software or appliances."

They did point out that their investigation is not 100% complete, and that they will be sending a notification to customers running OmniCast 4.1 (the version used by the MPD) once they have all details of the breach.

No Omnicast Updates Planned

Genetec also confirmed that they do not intend to release any patches or updates to Omnicast 4.x as a result of this attack, or the investigations from it. Omnicast 4.x is still actively supported by Genetec, making the lack of patches/updates related to this issue further indication that Genetec believes their software to not be at fault in this breach.

Genetec Promotes Hardening

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

In a recent blog post, Genetec called attention to their Hardening Guide for 4.x, in particular advising users of Genetec SV-16 or SV-32 appliances: "to carefully review Section 4", which provides tips for securing Omnicast systems.

The key recommendations in this section are as follows:

  • Change the default username and password of any video units or encoders attached to your system
  • Set a password for the Genetec Admin user
  • In the case of a Federated Omnicast system, create a new user with limited rights and a password. This user should only be used to access the Federation service
  • Windows updates should be installed periodically. This will always insure a secure Omnicast environment
  • Change the password of the OmnicastSvcUsr
  • Set up a password for the Omnicast console

Failure Of Best Practices Most Likely Cause

Given Genetec's statements, no software update / fix, and their republishing of a 5 year old document, this implies the MPD incident was most likely avoidable, and the result of not following a basic set of best practices. Over the past several years Microsoft has introduced a number of security fixes for Windows for vulnerabilities related to common services like remote desktop, IIS, and SMB, if the recorders had not received updates to the Windows operating system they were likely vulnerable to several of attack methods.

Potential For Other Genetec Appliances To Be Hacked

While this ransomware attack may not have been specifically attributed to a flaw in the Omnicast software, it did occur to appliances built and sold by Genetec. Other SV-16 or SV-32 appliances that were shipped with the same Windows build, and not updated to Genetec's hardening guidelines are most likely susceptible to similar attacks. Users of these appliances should update them and ensure they are secured to Genetec's recommendations.

Call For Information On MPD Systems

We are still actively gathering information on the details of the MPD systems and attack methods. If you have information, you can email us anonymously at info@ipvm.com or use an anonymous email service, as always we keep the privacy of sources confidential.

1 report cite this report:

Manufacturers Cheer ISC West 2017 Performance on Apr 11, 2017
ISC West 2017 showed strong satisfaction results from manufacturers, similar to 2016's ISC West. 100 manufacturers rated their impressions of ISC...
Comments (13): PRO Members only. Login. or Join.

Related Reports

Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Hikvision Responds To Cracked Security Codes on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
Hikvision Security Code Cracked on Aug 08, 2017
Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and...
US Army Bans Chinese DJI Drones on Aug 08, 2017
The US Army has issued a ban on Chinese-made DJI drones. A US Army memo obtained by sUAS News references a classified document from the Army...
Dahua Suffers Second Major Vulnerability, Silent [Finally Acknowledges] on Jul 25, 2017
Less than 3 months ago, Dahua received DHS ICS-CERT's worst score of 10.0 for their backdoor. Now, Dahua has received another 10.0 score for a new...
Wireless Burglar Alarm Sensors Guide on Jul 21, 2017
Wireless sensors for burglar alarm sensors are an increasingly common option for the historical labor intensive wired alarm systems. However,...
PR Campaign Exploiting Manufacturer Cybersecurity on Jul 20, 2017
Manufacturers increasingly have a bulls-eye on their back. As cyber security solutions providers grow, they realize a great way to get publicity...
Hikvision USA Head of Cybersecurity Exits on Jul 18, 2017
Hikvision USA's Head of Cybersecurity has exited the company. In this note, we review the move, share Hikvision's feedback and examine the...

Most Recent Industry Reports

FLIR Restructures Security Division on Aug 22, 2017
FLIR's goal was once to have a single end-to-end security solution. However, FLIR's Security business unit has been struggling, with several areas...
Honeywell Total Connect 2.0 Tested on Aug 22, 2017
Honeywell is one of the biggest brands in security, with Total Connect 2.0 being the company's remote security and smarthome platform. We bought...
IP Camera Cabling Testing Statistics on Aug 22, 2017
Test and certify, or crimp and pray? Some integrators certify every cable they run, while others only inspect cables that have video issues. 130...
Dahua 4K IR PTZ Tested on Aug 21, 2017
4K has made its way to IR PTZs. In this report, we examine the Dahua 6AE830VNI, a 4K PTZ with 30x optical zoom, 200m (~650') integrated IR, and...
Top Used License Plate Capture Cameras on Aug 21, 2017
Capturing license plates is a common video surveillance application. But what cameras do integrators mostly commonly used? Special purpose LPC...
VLAN For Video Surveillance Usage Statistics on Aug 21, 2017
VLANs (see our tutorial) are an option for networks using video surveillance, but how often are they actually used? 125+ integrators told us how...
Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact