Genetec Self-Discloses Critical Vulnerability

By Sean Patton, Published on Jul 31, 2018

In an unprecedented move for the video surveillance industry, Genetec has self-disclosed a critical software vulnerability across Security Center and Stratocast.

In this report we examine:

  • What the vulnerability is
  • What versions it impacts
  • Why they have released limited details
  • Why they disclosed it publicly even though no third party forced them to
  • Genetec's criticism of Chinese manufacturers / Hikvision vs their own critical vulnerability

Critical *************

******* ****** *** ************* had * **** **.* base ***** ** *.* (Critical).********* ** *** **** Base ***** **********, * **** *.* score ********* **** ********* network ******, ** ***********, and * *** ********** of ******.

***********, ******* ****:

**** ************* ******* ******** Center ******* ** ******** received **** *** *******. An ******* *** ** achieved **** ****** *** attacker ** *** ************* in ******** ******. *** exploit ***** ***** *** execution ** ********* **** and **** ******* ** the ********* ****** ******* the ******** ****** ****.

*** ************* *** ********** in ******** ****** *.* (released ~****) **** ************* could **** **** ********* for * ***** ****** it *** **********. ******* says **** **** ** reports ** ******* *** that **** ********** ** recently **** * "***** party ************ ***** ** Genetec ** ******* *********** tests" ******** ** ** them.

No ************* *******

*******'* ********** **** *** include ********* ******* *** a ***** ** ******* exploiting *** *************. **** is ******** *** *************** discovered *** ******** ** independent ******** *********** (*.*.,**** ************* *********).

A **** ****-**********

*********, ** * ******** such ** *******'*, ***** they **** *** *********** tester, *** ************* ***** be ******* *******, **** no ****** ****** *** the ****** ***** ** NDA ******* **** **** public *******, ********* ** various **** *******.

** ** **** *** companies ** ****-******** ** Genetec ***, ** ******* instance ************* ********* * ******* password ***************** ****. *********'* ********** was * **** ***** level ******** *****, **** affecting **, ********* *** Express, *** *** ********* control ** *** ********* system ** *** ******. It **** *** *** require * ******** ******, just ******** *** ******* user ** ******** *** password ** *** *******.

******* ** ** ** rare *** ************* ** self-disclose, ** * ********** ****** ** ********** Responsibility, *********** ********* **** would *** ***** ************* to ****-******** ******** ******.

Notification *****

******* **** ** ***** that ********* *** **** information ** *** ********** on ***** *******.

No ******* *********

******* ********* ** **** why **** *** *** sharing **** *******:

** ****** ** ******** the ************* ******** ** maximize *** ******* **** our ********* ****** ***** of ** *** ***** the *******. ** ** also ** **** **** the ************* ********** **** practices ********* ******* ** the ******** ********.

** ** ********** *** case ** ********, ******** what ** ******** ** that ******** *** * trade-off. **** **** ******** we ******* ** ****** the ***** ******* ******* disclosing ****** ******* ** that *** ******** *** conduct ***** *** **** assessment *** ***** *** patches ********* ** ***** own **** ********* ***** at *** **** **** avoiding ******* ******* ** providing ****** ******* ** that **** *** ***** exploit **** *** *** disclosed *************.

Patch ** *********

*******'* **** ***** *** Service *******/********** ****** ***** required *** **** ******* of ******** ******, *** recommends ******** *********** ** removing ******* ******* ****** to *** ******. ***** that **** ******* ******* are ******** ** ********** multi-site, *****-******** ************, ******** outside ******* ****** ***** essentially ******* *** ********* of ***** *******. ** such, ******** ******** ********* upgrades.

Criticism ** ******* *************

******* *** **** **** vocal ***** ************* ********, specifically ******* *************, **** notably ** ********* ********* / ************ Hikvision *** ****** *******, ****** ******** ***** their ******* ********** ******* and**** ** ******* ***** *********. ******* would ****** ***** ** the **** **** **** disclosed **** **** **** were *** ****** ** do ** ** * sign ** ***** *** trustworthiness.

*******, ***********, ********* *** Huawei ********** **** ***** out *******'* *** ******** vulnerability ** ***** **** any ************ ** ******* likely ** **** ***************.


Comments (56)

Excellent! That's how it should be done!

Excellent!!

bashis, do you still believe this is the way it should be done, considering the lack of details?

What did we really learn, just that Genetec had some undefined critical vulnerability and fixed it?  Surely it’s not the first time an inside engineer at Genetec found a hole in their own software.

If such statements were found to make us feel better about a company’s security, what’s to stop a company from just saying 

“We found a critical flaw.  We fixed it.  See, we take security seriously.”

Genetec actually state it was discovered by a third-party penetration testing company, not an inside engineer.

Well, you can't expect so much FD with in-house discoveries, pretty much same thing you don't get from M$, Cisco either (or whatever).

What should be taken seriously is that they actually disclosed they found some serious vulnerabilities, and their customers should update to latest FW and not "hide" as "normal" update - That's the really important part!

What should be taken seriously is that they actually disclosed they found some serious vulnerabilities, and their customers should update to latest FW and not "hide" as "normal" update...

Ok, that is a reasonable and sensible position.

Playing Devil’s advocate though, assuming that the corporate goal is to protect customer systems to the greatest overall degree, might a less transparent disclosure method be better?

For instance, if and only if it can be reasonably determined that the exploit has not made it into the wild yet, perhaps the initial FW patch would better be made under the guise of “IMPORTANT UPDATE -  MAJOR BUG FIXES” as opposed to “CRITICAL UPDATE TO FIX REMOTE ROOT VULNERABILITY”.

Because the latter is surely a beacon to those who might seek to use the exploit for ill-will.

And since the critical fix was immediately released, it may contain little more new code than the code needed to patch it.

This clearly defined diff code could greatly assist in reverse engineering the vulnerability itself.

On the other hand, waiting 6 months or so after the fix has been released to announce the critical vulnerability, would give the end-users more time to remediate the problem before the hackers begin to pounce.

Plus the ambiguity of not knowing which FW was the one to contain the actual fix code would make it harder to reverse engineer.

Thoughts?

The information release is key concept here aka: notifications. It makes all users aware of the fragility of a certain system. Keeping patches and updates underneath the public view only circumvents the ability for a paradigm or coding perception to help rectify or change the outcome of said vulnerability. No one can just stand alone and figure things out, this is why a grey, black and white hat community exists between the voids.

Embrace those that can help you and keep your enemy near. Simple concept.

Assume reverse engineering is also in progress, if you see something F^^king say something.

There is no argument here, only trolls can enhance this conversation with BS manipulations of the system.

Keeping patches and updates underneath the public view only circumvents the ability for a paradigm or coding perception to help rectify or change the outcome of said vulnerability.

What’s the coding perception that helps rectify the vulnerability when no details of the exploit aside from the severity level is released?

 

I do believe that one month or 12 months before disclosure actually doesn't matter, as there will still be tons and tons of vulnerable devices that have not been patched. (look only at montecrypto's FD regarding his discovery with Hikvision)

 

What I DO think matters in the long run, is that vendors DO admit there are some security vulnerabilities in their products and they DO their security advisory about this, but I don't and you should not either expect drastic changes in customers' actions into patching.

 

Lastly, I don't expect any details from vendors when they disclose their own findings, but be very sure there will be details in Full Disclosure when I publish and most probably other 3rd parties.

 

Finally, all research is built on reverse engineering; binary diff can (mostly) only get you a hint, but never (mostly) reveal actual area to find the vulnerability.

 

My 0.02$

I like the move by Genetec.  I think it's fine that they're not fully explaining the vulnerability either.  Why give low grade hackers a blueprint on how to exploit systems?  I think telling the public that there is a vulnerability, a fix and please update is a good move.

I am not surprised that Genetec did not disclose details of an exploit or proof of concept. Those things are often done by researchers as a way to prevent the affected company from claiming the issue is "very complex to execute" or "only affecting certain products", and similar excuses. Proof of concept works allow users to verify if their systems are affected, and judge for themselves the technical complexities if the manufacturer does not respond or tries to spin the issue.

In this case Genetec is openly admitting the vulnerability, issuing a patch, and disclosing which products/versions are affected. Releasing a proof of concept would only put customers at undue risk at this point.

"Trustworthiness" and "vulnerabilities" are obviously two different things, let's not confuse them.  All software has the potential for vulnerabilities but do you trust the organization is making security an important aspect of their product/solution and therefore will be forthcoming e.g. diligent in finding/making known and patching said vulnerabilities?  When asking these questions (if this is important to you or relevant in your business model) one can only look at past experiences and history.

I don't use Genetec as much as I should, does anyone know if their cloud controller is still running on Windows 7 embedded? Has anyone tried to Konboot one of those controllers?

In other news, if you use a Synology NAS for any cctv or other storage deployments, DSM needs to be patched for a vulnerability released yesterday on Synology's website.

https://www.synology.com/en-global/support/security/Synology_SA_18_39

Here is the response I got when inquiring with our sales engineer on the SCL, Synergis Cloud Link, OS on May 21, 2018.  I sent a follow up this morning to see if there was an update.  I will let you know what I hear back.

Here's what I heard back from HQ:

We are still shipping the win 7 version, the version 10 will be only later this year or early next. We have over 2 years of windows support with 7 embedded and we are providing the windows critical update. 

I am the Director of Access Control Product Group at Genetec.

While the Synergis Cloud Link appliance runs on Windows 7 embedded, there are no known vulnerabilities that affect the appliance. We always recommend keeping the firmware of your field devices updated as frequently as possible. That is why we make firmware upgrades easier by bundling Windows security updates with the Synergis Cloud Link firmware, that can be scheduled, triggered and managed directly from Security Center.

With respect to the concerns around the Kon-Boot vulnerability, an exploit is only likely with physical access to your Synergis Cloud Link appliances but they are designed to only boot from internal interfaces to mitigate this risk. We recommend installing Synergis Cloud Link in a secure cabinet stored in a secure part of your premises.

As predicted, genetec has vulnerabilities, they get praised. Hikvision gets hacked, they are accused of going to war with the usa. Looking forward to more comments like this.

How do you not see the difference between how Genetec handled this compared to your beloved Hikvision and Dahua? 

He does.  You have to remember his business is built on HIKVision.  He has to be on here to provide counter views to IPVM in order to keep business booming.  He's like the friendly guy that everyone chuckles and says "Haha that's so Sean.  Good ol' Sean."

You have a point. With genetec, you are paying thousands per channel per vulnerability. With hikvision, you are only paying a few dollars. Big difference.

I think it would be a good idea for manufacturers to take note and implement software industry standards and block their integration with Genetec unless the user pays an upcharge. What do u think?

I know you are being funny but (perhaps without knowing it) you are right on the money.  If I needed a camera and NVR for my Dog House and didn't care about Chinese human rights issues et al, then Hikvision all day long, customer (being me) makes out.  If I wanted to represent the best in class solution and my customers are willing to pay for that level of quality and assurance then we could go with Genetec and a camera manufacturer that spends more energy on security related concerns.  Just saying.

In my case, I prefer not to have a camera for my dog's house if I think it was built by slaves.

By the way, since there's a lot of companies reselling devices and components made in China factories, is there a way to check facts about Human Rights in those factories?

As predicted, genetec has vulnerabilities, they get praised. Hikvision gets hacked

Stop and think about what you just wrote for a minute. Genetec proactively hired a pen-test firm, discovered a vulnerability, patched it, and communicated this out before any hacks took place. They did not hide the fact that a vulnerability was discovered.

Hikvision, much unlike Genetec, has suffered a number of hacks, with actual devices being exploited and affected. Hikvision has generally only pushed out communications about these vulnerabilities and hacks when forced to do so, often after IPVM coverage. Hikvision has not in any way taken an approach that inspires confidence or trust in the company.

Your statement then is a pretty good summary. One company works proactively to prevent a vulnerability from turning into a hack and gets praised. Another company takes a head-in-the-sand denial approach and gets flamed.

Genetec proactively hired a pen-test firm, discovered a vulnerability, patched it, and communicated this out before any hacks took place. 

We have no idea if any hacks took place. For example, if Hikvision's owner, the PRC, found this first, they would have happily used it for as long as they could and not tell anyone. And Genetec serves enterprise customers who have real security concerns so Genetec needs to be on top of these things.

That noted, I do agree about the difference in communication. How many critical vulnerabilities has Hikvision found in production released products that they have fixed but not announced?

We have no idea if any hacks took place.

Fair point. Change that to "before any proof of concepts were released publicly".

 

Ethical hacks may have taken place.  :/

 

 

I think one of the main differences is, Genetec admitting to a vulnerability BEFORE it was publicly announced.  Also, the fact that they didn't deny it, hide it under an obscure section or claim no responsibility for the vulnerability.  I know you love Hikvision, but come on Sean, even you have to admit this is the way they should handle a vulnerability.

If the resources aimed at HIK had been deployed to other manufacturers - this would have been identified earlier along with all of the other golden boys - but that wouldn't help the agenda of IPVM would it? That would require an unbiased, even handed policy that just doesn't sell subscriptions in the same way.

 

It's nice to see that Genetec hires pen testers. I wonder if this is standard industry practise among the big players, or if this is something unique? 

 

 

Scott, not sure if this is 'standard' but quite a number of video surveillance manufacturers are doing this now. What's notable is that Genetec disclosed something. As we mention in the post, often manufacturers want these vulnerabilities quietly fixed and never publicly mentioned.

I don't know how Genetec's pricing structure works, but when we find a bug in Exacq (and there have been some nasty ones in v6.0 and 9.0) it costs money to upgrade.  So Genetec may be looking at this as a profit center and spinning it as a "look at us, we take the high road" scenario.

I'm not a huge fan of Genetec as they are a closed dealer-only system.  Despite all HIK and Exacq's flaws, at least they don't discriminate against smaller and medium sized companies.  (Ie - with Genetec you can't join the old boys club).  And I'd be willing to bet Genetec has a boatload more bugs than they admit to, but since 1% of the market uses their software nobody cares.

Security through obscurity.

Scott,

Every version of Security Center has been patched with a Cumulative Update, which is available for free for whatever version a customer bought, even if the system is no longer covered by a Genetec Advantage Plan (software maintenance agreement).

Hi Scott,

Speaking as a SMB and a Genetec Partner, the 'closed dealer only system' (partner program) gives us massive payback for investing in the training and certification required when dealing with enterprise systems.

Genetec's control of the partner list ensures the product, services and us as partners are kept at a quality and more importantly a price point.

If we had engineers running about selling and installing Genetec directly, you don't think the price point and quality of install would plummet? No thanks. I'd rather leave the race-to-the-bottom Chinese market installers out of the equation.

$ aside, Genetec look after their partners. We have work regularly pushed our way by Genetec. How many other manufacturers do you know that do that. I don't recall Hikvision ever calling us and saying 'we've got a great project for you guys, here's the number of the client etc...'

No system is without bugs and vulnerabilities, it's all just software after all. It's how they respond to those issues that counts. There's no charge for cumulative fixes. If you keep the SMA running, which is reasonably priced you get free upgrades for all the releases. This is exactly the same as Exacq.

By the way, if you want to install the enterprise products from Exacq, you'll need to join their 'old boys club' too.

The argument that a closed dealer only system like Genetec is to maintain quality of installations is complete bullshit.

Dealer only programs (Avigilon, Genetec, Kantech Global) are there to reduce the number of bidders on hard-spec'd tenders and increase profit margins to dealers.  Period.

If Avigilon, Genetec etc were truly concerned with quality of installs then they would simply require extensive and expensive training to become a dealer.  Instead, they choose to lock out medium sized companies to try and keep the old boys fat while the smaller guys (in theory) starve.

Genetec is not saintly for going public with a bug fix.  They're a closed dealer-only company that goes after the top 1% of enterprise customers and has security through obscurity.  It's like saying your Macbook never gets any viruses.  Is that because Apple creates magic bulletproof code, or the fact that Windows owns 95% of the desktop market and is the bigger target.

 

We are one of those medium sized companies, who compete very strongly with the "old fat boys".

We do not starve. We have a very high bar for the quality of our finished system installations, which is why Genetec and others you mentioned keep us on their short list as dealers for their top level product offerings.

Genetec, and the others you mentioned do include in their limited list of integrators per territory pretty much all the nationals, which is normal, but they also always have an equal amount of smaller "medium" sized businesses who have invested in their training and make an active effort to promote their products and install their systems using the highest standards of the industry.

Quality matters. Rewarding your dealers for promoting your products and representing your products properly also matters.

If Avigilon, Genetec etc were truly concerned with quality of installs then they would simply require extensive and expensive training to become a dealer.  

 

Genetec DOES require extensive and expensive training to become a dealer.

Avigilon does not charge for training.

Having a closed channel that vets integrators before coming to a dealer is important.  I have seen more security companies care more about money than delivering a quality solution to customers.

Dealer only programs (Avigilon, Genetec, Kantech Global) are there to reduce the number of bidders on hard-spec'd tenders and increase profit margins to dealers. Period.

When I became an Avigilon dealer I had 2 people on staff.  Now I have 20 people and growing monthly.   I also know many other small 2-5 man shops that are very successful selling Avigilon. 

Impressive, kudos for Genetec.

I don't know how Genetec's pricing structure works, but when we find a bug in Exacq (and there have been some nasty ones in v6.0 and 9.0) it costs money to upgrade. So Genetec may be looking at this as a profit center and spinning it as a "look at us, we take the high road" scenario.

I'm not a huge fan of Genetec as they are a closed dealer-only system. Despite all HIK and Exacq's flaws, at least they don't discriminate against smaller and medium sized companies. (Ie - with Genetec you can't join the old boys club). And I'd be willing to bet Genetec has a boatload more bugs than they admit to, but since 1% of the market uses their software nobody cares.

Security through obscurity.

Scott,

Each version of Security Center has been patched with a Cumulative Update, which is available for free for whatever version a customer bought, even if the system is no longer covered by a Genetec Advantage Plan (software maintenance agreement).

Scott, I am the Northeast Director of Sales for Genetec and I am not supposed to post on IPVM but I think I can get away with this one. Your comment is completely untrue, we have tons of smaller to medium sized companies as partners, probably more than we have larger ones. We have numerous offerings in our Cloud/Subscription and On-prem solutions to fit any size integrator or end-user yet this is a common misconception in our industry. Please reach out to myself or your local RSM and we would be more than happy to discuss a partnership with Genetec. We would never discriminate and we are built on TRUST!

Hey Chris,

Who can we contact in BC Canada to become set up with Genetec?  We've had many tenders where Genetec would have saved us a lot of messing around with Kantech and Exacq.  Is there an RSM here?  Maybe you?

 

Thanks

Kudos to Genetec. No software, or human, is flawless. Admit when there's an issue ASAP rather than throwing it in a closet and hiding it.

As a "competitor" to Genetec, I'll say that this is absolutely the correct approach.  Vulnerabilities are to be expected, as what was secure yesterday might not be tomorrow.  A proactive (and public) methodology to addressing these types of issues will always instill a higher level of confidence with your customer base.

I always prefer to be aware of a vulnerability and how to address it. If the manufacturer quietly addresses it and just includes the fix in the next release, then they open the door for end-users to skip an update they deem not critical (since they don't know it will fix a major vulnerability) and expose them to an attack. As noted in the previous comments the fix is also provided for systems with expired SMA and clearly shows Genetec is not trying to monetize the issue. In those cases, the quiet fix in the next release will not address the issue either.

Good thing they blocked Hikvision, for safety sake and all. 

Probably wouldn't have happened if Hikvision had handled any one of their numerous easily exploited vulnerabilities in as straightforward a manner.

Point taken. Kind of like opening a source code center for government authorities to inspect the source code used in their products? That didn’t receive much acclaim, did it. 

Honestly, there isn’t much Hikvision could do to endear much support around here. They are dead man walking no matter what. 

That didn’t receive much acclaim, did it.

No, it didn't because it was a bullshit PR move, not an authentic gesture. And, if Hikvision had been upfront and professional about their numerous vulnerabilities they probably wouldn't have needed to dangle out the bullshit "source code center" to try and appear competent and trustable.

 

Careful Jon - you'll be branded "un-patriotic" and have the wrath of Trump descend upon you by the IPVM lemmings.

 

 I think that this admission shows that they truly do care about their reputation and want to ensure the protection of their customers data privacy. Unlike some vendors that obfuscate, cajole, humiliate and outright deny their vulnerabilities so that they can get more sales. 

There was a time that disclosure didn't ruin a company  - it enhanced the trust of the firm. Instead of lambasting Genetec, we should be applauding them on their transparency - I don't even sell the product. 

Hats off to you Genetec.

 

 

It seems the link to the CVSS Base Score Calculator isn't working. Is it just me?

Joseph, the link provided (https://www.first.org/cvss/calculator/3.0) does work for me.

Genetec self-disclosed another vulnerability, related to a potential blank password tied to a default admin account: Media Gateway Vulnerability. It is scored a CVSS v3.0 base score of 7.5 (High) because RTSP can be used to gain unauthorized access to any camera's live or stored video.

About this latest vulnerability, Genetec told IPVM:

The vulnerability was found in an early version of Security Center 5.8 prior to its release by the pentesters we hired.  Since the default user used for the Media Gateway is the same default user present in Security Center upon installation (aka the Admin user) it was believed that the mandatory password change in the Installer Assistant upon first connection in the Config Tool would also change the password in the Media Gateway. This assumption was false and is the root cause of the issue.

The Media Gateway is not a role created by default in Security Center. A user manually creating Media Gateway role and following the steps detailed in the Administrator Guide wouldn’t have had any issue (we are however updating our hardening guide just to be sure). The real problem arises when a user creates a Web Client role, as this automatically also creates a Media Gateway role that the user may not be aware that s/he created. We can’t expect users to be aware of this, and that is the reason why an advisory was published.

Naturally, the worst case scenario was assumed in the announcement but it is not easy to exploit: the hacker still has to discover the unique hexadecimal number (called Guid) for each camera they want to access via the RTSP interface.

The Genetec GUID is a group of hexadecimal numbers that often includes the MAC address of the device (in this example an Axis camera's GUID):

The vulnerability was found in an early version of Security Center 5.8 prior to its release by the pentesters we hired.

prior to its release?  was it released anyway?

if never released, how was anyone vulnerable?

The vulnerability is not present in any releases in 5.8, it was found during 5.8 pen-testing during development but is present in 5.6 and 5.7 (up to SR6) if using the Web Client Server. Genetec testing/QA/development missed the vulnerability for 2+ years.

Here is the matrix of affected products:

...it is not easy to exploit: the hacker still has to discover the unique hexadecimal number (called Guid) for each camera they want to access...

from the internet, not easy.  from the LAN, easy.

 

"from the internet, not easy. from the LAN, easy."

If you have a hacker on your LAN you have bigger issues no?

 

It's cool that they told on themselves by advising and releasing the vulnerability however I would like to know one thing. Who got fired for this? Sounds like creating one role automatically initiates the creation of the Media Gateway role (RDP 3389 login, lol).

Jetson!  You're Fired!
