Genetec Comments on Washington DC MPD Hack

Author: Brian Karas, Published on Mar 13, 2017

This January, the Washington DC police video surveillance system was hacked with ransomware, impacting 123 of 187 cameras.

Last month, IPVM confirmed that the police system was using Genetec recorders, Axis cameras and Cradlepoint equipment.

Now, Genetec has responded to IPVM's request with a preliminary statement.

Genetec: No Fault In Omnicast

After conducting an initial investigation, Genetec offered the following statement to IPVM:

"To the best of our knowledge, no security vulnerability was discovered, nor exploited within our software or appliances."

They did point out that their investigation is not 100% complete, and that they will be sending a notification to customers running OmniCast 4.1 (the version used by the MPD) once they have all details of the breach.

No Omnicast Updates Planned

Genetec also confirmed that they do not intend to release any patches or updates to Omnicast 4.x as a result of this attack, or the investigations from it. Omnicast 4.x is still actively supported by Genetec, making the lack of patches/updates related to this issue further indication that Genetec believes their software to not be at fault in this breach.

Genetec Promotes Hardening

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

In a recent blog post, Genetec called attention to their Hardening Guide for 4.x, in particular advising users of Genetec SV-16 or SV-32 appliances: "to carefully review Section 4", which provides tips for securing Omnicast systems.

The key recommendations in this section are as follows:

  • Change the default username and password of any video units or encoders attached to your system
  • Set a password for the Genetec Admin user
  • In the case of a Federated Omnicast system, create a new user with limited rights and a password. This user should only be used to access the Federation service
  • Windows updates should be installed periodically. This will always insure a secure Omnicast environment
  • Change the password of the OmnicastSvcUsr
  • Set up a password for the Omnicast console

Failure Of Best Practices Most Likely Cause

Given Genetec's statements, no software update / fix, and their republishing of a 5 year old document, this implies the MPD incident was most likely avoidable, and the result of not following a basic set of best practices. Over the past several years Microsoft has introduced a number of security fixes for Windows for vulnerabilities related to common services like remote desktop, IIS, and SMB, if the recorders had not received updates to the Windows operating system they were likely vulnerable to several of attack methods.

Potential For Other Genetec Appliances To Be Hacked

While this ransomware attack may not have been specifically attributed to a flaw in the Omnicast software, it did occur to appliances built and sold by Genetec. Other SV-16 or SV-32 appliances that were shipped with the same Windows build, and not updated to Genetec's hardening guidelines are most likely susceptible to similar attacks. Users of these appliances should update them and ensure they are secured to Genetec's recommendations.

Call For Information On MPD Systems

We are still actively gathering information on the details of the MPD systems and attack methods. If you have information, you can email us anonymously at info@ipvm.com or use an anonymous email service, as always we keep the privacy of sources confidential.

1 report cite this report:

Manufacturers Cheer ISC West 2017 Performance on Apr 11, 2017
ISC West 2017 showed strong satisfaction results from manufacturers, similar to 2016's ISC West. 100 manufacturers rated their impressions of ISC...
Comments (13): PRO Members only. Login. or Join.

Related Reports

Search More Important Than Live Monitoring - Statistics on Oct 18, 2017
Search is overall more important than live monitoring to integrators, according to new IPVM statistics.  The key themes found in integrator...
Exporting Video Surveillance Tutorial on Oct 05, 2017
Exporting video surveillance is important when incidents or crimes occur. However, there are multiple ways to export video which have their pros...
Dahua Trying, Struggling To Respond To Hacking Attacks on Oct 04, 2017
Now, 2 weeks since large-scale hacking attacks commenced against Dahua vulnerable devices, we analyze Dahua's response. On the positive side,...
Hikvision USA Misleads Dealers On Backdoor on Oct 03, 2017
Hikvision USA emailed their dealers overnight with their 5th cyber security 'special bulletin' of the year. Misleading Unfortunately, they...
FLIR Thermal Camera Multiple Vulnerabilities, Patch Released on Oct 03, 2017
Multiple cyber security vulnerabilities exist in FLIR thermal cameras, which have not been fixed, despite being reported months ago. In this note,...
ASIS Show 2017 Final Report on Sep 27, 2017
ASIS is in Dallas for 2017 and this is our final show report (compare to our 2016 ASIS show report). When walking in, one is greeted with Dahua's...
Hackers Globally Attacking Dahua Recorders on Sep 25, 2017
Dahua recorders are being hacked and vandalized around the world, as confirmed by dozens of reports to IPVM since the attacks surged 5 days...
September IP Networking Course on Sep 14, 2017
LAST Chance - Registration is ending. Register now. This is the only networking course designed specifically for video surveillance professionals...
Genetec Launches Community Connect Examined on Sep 14, 2017
Genetec has done best in large-scale, enterprise systems and relatively worse in smaller systems such as SMB. Now, Genetec is launching...
Hikvision Backdoor Exploit on Sep 03, 2017
Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras. As the researcher, Monte...

Most Recent Industry Reports

Anixter End User Sales Troubles on Oct 23, 2017
End user sales have and continue to be a major problem for Anixter's physical security business. Every year, according to various Anixter people,...
Assa Abloy Acquires August on Oct 23, 2017
The mega access control manufacturer, Assa Abbloy, has acquired one of the most well funded access control startups, smart lock...
Axis Q3 2017 Financial Results on Oct 23, 2017
A big issue for Axis this past quarter was their product shortage. Despite that, new Q3 numbers for Axis show solid financial results. In this...
Cisco Falling - Favorite Network Switches 2017 on Oct 20, 2017
1 major manufacturer fell and 1 outsider manufacturer gained as integrator favorites for network switches from more than 140 votes / explanations...
Uniview Recorder Backdoor Examined on Oct 20, 2017
A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...
Hikvision Access Control Tested on Oct 19, 2017
Hikvision aggressive pricing and marketing combined with generally reliable hardware and free software has made them a major player in video...
Verkada, Silicon Valley VSaaS Startup, Targets Enterprise on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Exacq Unbreaks Avigilon Integration on Oct 18, 2017
For nearly 4 years, Exacq had broken and effectively blocked use with Avigilon cameras, as IPVM reported in January 2014. Now, Exacq has...
Search More Important Than Live Monitoring - Statistics on Oct 18, 2017
Search is overall more important than live monitoring to integrators, according to new IPVM statistics.  The key themes found in integrator...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested on Oct 18, 2017
Axis faced significant product shortages over the summer. Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact