Network Security Audit App (March Networks) Examined

By: Brian Karas, Published on Dec 01, 2016

Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using video surveillance have become more prominent.

March Networks has released an enhanced mobile app to audit these issues.

Can you verify your recorder is locked down against common cybersecurity exploits? 

In this note, we examine the app, and identify what it checks, and what it overlooks, when it comes to enhancing the network security of their products.

********* ***'* ***** ************ devices *** ****** **** against ****** ************* *************** is ********** *********, ** hacks ***** ***** ************ have ****** **** *********.

***** ******** *** ******** an ******** ****** *** to ***** ***** ******.

*** *** ****** **** recorder ** ****** **** against ****** ************* ********? 

** **** ****, ** ******* the ***, *** ******** what ** ******, *** what ** *********, **** it ***** ** ********* the ******* ******** ** their ********.

[***************]

GURU *** ********

*****'* **** *** ** ******** ** ** a ******* ******* **** tool, ****** ******* ********** and *********** **** **** end-users. ***** *** *** documentation *** *************** **** from *** ***, ****** a ******* ******, ** use ** ** ******* a ******* *** ** necessary. *** *** ***** to ** ** *** same *** ** *** recorder, ***** ** ******* done ** ******** * wifi ****** **** *** recorder ** ****** * local **** ******* *** the ***** ******* *** app ** ******* **.

* ********* ***** **** March ******** **** **** the ******* *** ********* and *********:

Security ***** *************

***** ********* * ******** audit ******** [**** ** longer *********] ** ** update ** ****, ***** performs * ***** ****** check, ******* ** *** criteria **** **:

  • ***** *** ***-******* ***** password
  • ***** *** ***-******* ****** connection *****
  • ***** **** *** **** is ****** (*** ** sometimes ******* *********** *** provisioning *** ********)
  • ***** **** **** ** disabled
  • ***** *** *** **** sync ** *****

*** *** ******** ****/*******/*** status *** ******* **********, depending ** **** ** finds. ***** *** **** create * *** ****** to ***** ***,**** ** * ****** PDF ** ** ***** check.

Limitations ** ***** ***

*** **** ******** ***** does *** ******* *** direct ***** ** *** recorder, ** ****** ****** on *** ******** ** report *** *************. *** recorders **** **** *** ability ** ****** ******* that ***** ** ****** and ******* ** ****** back ** *** ***. This ***** **** * recorder ***** **** *** audit ***** *****, *** still ** ******* **** form ** ****** ********, or ******** ********* **** out ** ** ******** server. ** ******, *** chances ** * ******** being ****** ** *** recommendations *** ******** *** quite *****, ** ** important ** **** **** a **** "****" **** the *** **** *** mean *** ****** ** guaranteed immune ** *******, *** it **** ******** **** it ** ** ***** not ** **** ******.

******* *** *** *** only ** **** ** a ***** *******, *********** can *** *** **** to ************ ***** ** on ********* *** ********* to ****** **** ** network ******** ******** **** been ******* ** ****** security *****.

Good ***** **** 

**** **** *** *********** noted *****, **** ** still * **** **** on *****'* **** ** help *********** ****** ******, and ******, ***** *********. We ***** *** *** app ******** ** ******* more ******, **** ** a ******** ********* ***** to ****** **** ** rogue ******** *** **** installed ** *** ********, and ***** *** ********* to ** **** **** will *********** **** ******** into ****** ******** *** improvements.

What ***** ***** ************* **?

**** ******** ************ *** uncommon ** ***** ************. Some ********* ************ ***** this **** ***** *******:

  • **** ****-**** ** ******** verify ***** *** ****** and ***** *** ***** open ***** **** *** be **** ***************
  • ******-***** ********** ** ***** that ****** ***** *** opened *** **** ******* simple ********* *****
  • ******** (*** ********** *******) configured ******** **** **** not **** **** ** 30/60/90 ****

*** **** *********** ** the ******** ***** *** audit **** *** ************.

Comments (2)

Michael Miller

12/01/16 06:16pm

It would be nice to have a universal tool to scan networks to see if default user/passwords are used on a customers IP camera network. Basically the Mirai virus minus the malicious part.

Undisclosed #1

IPVMU Certified | 12/01/16 07:33pm

...GURU security audit does not perform any direct tests on the recorder, it simply relies on the recorder to report its configuration

So this is for March equipment only? Too bad.

If its propreitery and they are going to take the recorder's word for it, why not have the nvr email you in the event that the status goes to BAD?

Read this IPVM report for free.

This article is part of IPVM's 6,374 reports, 858 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Secure Boot Could Eliminate Botnets - But Manufacturers Ignore It on Dec 29, 2016
Increased cyber attacks have motivated video surveillance manufacturers to begin to release hardening guides, instructing users on how to better...
Genetec Now Detects Insecure Camera Firmware on Nov 29, 2017
Genetec is heavily emphasizing cyber security and cyber resilience. From initiatives like CHAVE to 2 Factor Authentication to Expelling...
Locking Down Network Connections Guide on Apr 23, 2019
Accidents and inside attacks are risks when network connections are not locked down. Security and video surveillance systems should be protected...
Google Found Software House Vulnerability Allows Inside Attacker To Open Doors on Sep 04, 2018
A vulnerability in Software House IP-ACM modules allows an attacker to potentially unlock doors, or perform other actions, on affected systems....
SNMP / Network Monitoring For Surveillance on Aug 21, 2018
Surveillance systems typically rely on the the VMS to report issues, but this most often just means knowing a camera is "down" with no warning or...
Milestone Entry Level Mobile Password Vulnerability Disclosed on May 24, 2017
While many manufacturers have only addressed cybersecurity vulnerabilities after public disclosures were made (or threatened), Milestone has...
Vivotek Trend Micro Cyber Security Camera App Tested on Jul 22, 2019
Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras. This new...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
VMS Server Sizing on May 25, 2018
Specifying the right sized PC/server for VMS software is one of the most important yet difficult decisions in IP video surveillance. In the past...
IPVM Vulnerability Scanner Released / Deprecated on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...

Most Recent Industry Reports

Sperry West / Alibaba Tablet Temperature Measurement Tested on Jul 07, 2020
In April, we ordered a ~$500 temperature tablet from Alibaba. We set it to the side while doing 18 other temperature screening tests but, after...
Video Surveillance 101 Book Released on Jul 07, 2020
IPVM's unique introduction to video surveillance series is now available as a 145-page eBook. Designed for managers, salespeople, and engineers new...
Startup Duranc Presents AI VSaaS on Jul 06, 2020
Duranc presented its system at the May 2020 IPVM Startups show. A 30-minute video from Duranc including IPVM Q&A Background on the...
Low Voltage Nation Wants to "Help You Carve Out A Fulfilling Career" Interviewed on Jul 06, 2020
It is difficult to make your way in this industry as there is little formal schooling. However, one person, Blake Urmos, the Founder of Low Voltage...
The Next Hot Fever Detection Trend - $100 Wall-Mounted Units on Jul 06, 2020
The first wave of the booming fever detecting market was $10,000+ cameras, now interest for ~$2,000 tablets is high and the next big thing may be...
Cisco Meraki Unlocks IP Cameras With RTSP Tested on Jul 06, 2020
Meraki opened up its cameras to 3rd party NVRs/VMSes by offering RTSP streaming because of "the need to solve a business problem". We tested...
Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing campaign using NBCUniversal's assets was not allowed. Hikvision mass...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI on Jul 02, 2020
Vintra presented its FulcrumAI object recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...