Mobotix First CNPP CCTV Cybersecurity Certification Examined

By Charles Rollet, Published Sep 05, 2019, 09:37am EDT

Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they originally declared a "guarantee of IT and electronic resistance to cyber-attacks."

IPVM Image

*** *** ** **** and *** ** ***** certification ********? **** **** it ******* **? *** what, ** ********, **** this *********? **** ***** with ******* *** ******** several ******, *********:

  • *********** ********
  • *******'* ***** ** "********** to ******* *******"
  • **** **********: ******* ****** Nonprofit
  • *** "*********" *** **********
  • ********* ** **** ******
  • ********** ** **
  • **********: ******* ****** ** Certifications

Certificate ********

******* ******** ***** "********* CNPP" ************ ************ *** different ****** ******, ** shown** *** **** *******:

IPVM Image

***** *** *** *** cameras' **** ******:

***** *** *** ***** certificates:

******* **** **** *********** applies ** *** ******* cameras ****** *** ******** **** ****, ***** ** ******* more *****.

************

**** ** ************** ************* ************ *** is************ * ********* *********** ***. **** ******** ************ for * **** ***** of **********:

IPVM Image

***** **** ** *******, is *** ****** **** the ****** ********** ******, for ******* ****-**************** ** ****** ****************, ******'* ******** ************** agency. *** ******* **** Certified ************ **** *** first-ever *** ***** ************ cameras,** *********:

IPVM Image

How *** ************* *** ********

*** ******* *******' "********** to ******* *******" *** given * "***** *" score, ***** ** ****'* '** *****–*** **-**' ******* criteria:

IPVM Image

***** *** * ***** of * ******, **** 0 ***** *** ***** and * *** ****. Level * ** *** minimum ** ****. ***** 2 ***** ** ***** one "*** ********" ************* was **********:

IPVM Image

******* ********* *** *************** remaining ** ****:

  • Camera *** *********: no 2-factor authentication; another level of complexity required for the password; users not informed of firmware updates.
  • MxManagement ******: "limit connection trials to 20 attempts max per hour"
  • MxManagement ****** *** *** *********: "currently, along with the software updates we provide 128 bits MD5 checksums. This is not following the ANSSI recommendations asking for at least 200 bits. SHA-256 or 512 should be used."

******* **** **** **** working ** ****** *****:

** *** ********* ******* on ***** *******. **** the ******* **** **** completed, ** **** ** re-certify ** ** ****** to ******* ***** * status.

*** ****** ******* ******* ************* **** ******** * mix ** ************* ****** analysis *** *********** *******.

Not '*********' *** '**********'

*******, ** *** ******** press ******* ******* ******* these **** ************ ******* a "*********":

IPVM Image

**** ***** ******* ***** this ***** * "*********" is ********* ****** ****** ***** ******** **** Mobotix ******** ** **** never ** ****** ** will ****** ********* ** such * ********.

***** ** ******* **** out, ******* ************ **** "we ***'* ******** ********* there **** ** ** penetration ****" *** ********* there ***** ** ** monetary ************ ** **** of * ****. **** then******* *** ***** ********* "**********":

IPVM Image

MOVE ******** **** ****, ******* **** **** *** ** *** ** ****

*******'* ***** ******* **** CNPP ***** *** *** cameras ****** "*** ** its ******* ***** ************ camera *******" ***** "*** complete * ****** ***** uses * ****** ********, without *** *********** ** the **** *********."

***** **** ***** *****,*******'* **** ****** ***'* **** ********* and **** ********* ******** so ** *** ******* by *** **** *************. However, **** *** *** disclosed ** *******'* ***** release. ** ********, ******* said:

** ******* ** *********** on *** *** **** of ******* ********* ** they ********* *** **** DNA ** *******.** *** end ** ** [******** year] **** ** *** planning ** *** *** MOVE ****** ******* *** same **** ************* *******.

Compared ** **

** ******** ************* ************* for **-********* ******** ** 2016 ******* ***** **** ******. ** **********,****** ********* **** ******** this ****, ******* *** its******** ****** ******** ***, *** *** ************ ***, ************ *** ***** ***** OEMed ***** ******.

** ******** ** *******, those ********* *** *** claim *** **** ** "guarantee" ** ***** *******. Additionally, *** ***** *** Genetec *** *** *** clearly ****** **** *** beginning, ** ******** ** Mobotix ******* *** *** MOVE ****** *** *** disclosing ****.

**** *************, **** *** limited ************* ** **** and **'* ********, **** seem ******* ** **** there ** * *** of ******* ******** *** penetration *******.

*******, ** ***** ** North *******, *** ** brand ** **** ****** known ***** **** ** not.

**********

******* ***** ************* ********* to ** ** *****. Companies *** *** ***** eager ** **** ********** claims, ********* **'** ******** recently **** **** (************ ****-***** ***** ***************** ******** *** *** GDPR *********, ** ******** Can **).

******* *************, ** ***** when ** ******** **** detailed ******* **********, *** be **********. ****** *** lack ** ******** ******* of **** ******, ** in *******'* ****, ** a *******.

**** *******, ******* *** bigger ********** **** *************, as *** ******* ********* to ******* ***** *** exit ** *** ******* who **** ******** ********* needed *******. ******* **** a *** ******** **** be ******** **** *** that **** ** *** to *** **** ****** Mobotix *** ** *** next ******.

Comments (2)

"Mobotix says a new platform will be released soon and that will be key to see what future Mobotix has in the next decade."

I doubt it - they have a crappy support system in the US. The support engineers gloss over ticket details and aren't technical enough sometimes to understand the case notes from the user. It feels that they're always in a rush to close a ticket..

Personally I feel that even if they revamp the platform (MX7?) it'll do them no good if they don't have a strong support team.

Agree
Disagree
Informative
Unhelpful
Funny

My distributor stepped up as Mobotix support resource.

Found interesting recent Mobotix cyber security patch firmware applied to even 10-14 year old M series cameras still in service. Hard to find a Mfg supporting legacy product. Microsoft doesn’t.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 7,199 reports and 959 tests and is only available to subscribers. To get a one-time preview of our work, enter your work email to access the full article.

Already a subscriber? Login here | Join now
Loading Related Reports