Mobotix First CNPP CCTV Cybersecurity Certification Examined

By: Charles Rollet, Published on Sep 05, 2019

Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they originally declared a "guarantee of IT and electronic resistance to cyber-attacks."

mobotix cnpp certificate

*** *** ** **** and *** ** ***** certification ********? **** **** it ******* **? *** what, ** ********, **** this *********? **** ***** with ******* *** ******** several ******, *********:

  • *********** ********
  • *******'* ***** ** "********** to ******* *******"
  • **** **********: ******* ****** Nonprofit
  • *** "*********" *** **********
  • ********* ** **** ******
  • ********** ** **
  • **********: ******* ****** ** Certifications

Certificate ********

******* ******** ***** "********* CNPP" ************ ************ *** different ****** ******, ** shown** *** **** *******:

***** *** *** *** cameras' **** ******:

***** *** *** ***** certificates:

******* **** **** *********** applies ** *** ******* cameras ****** *** ******** **** ****, ***** ** ******* more *****.

************

**** ** ************** ************* ************ *** is************ * ********* *********** ***. **** ******** ************ for * **** ***** of **********:

***** **** ** *******, is *** ****** **** the ****** ********** ******, for ******* ****-**************** ** ****** ****************, ******'* ******** ************** agency. *** ******* **** Certified ************ **** *** first-ever *** ***** ************ cameras,** *********:

How *** ************* *** ********

*** ******* *******' "********** to ******* *******" *** given * "***** *" score, ***** ** ****'* '** *****–*** **-**' ******* criteria:

***** *** * ***** of * ******, **** 0 ***** *** ***** and * *** ****. Level * ** *** minimum ** ****. ***** 2 ***** ** ***** one "*** ********" ************* was **********:

******* ********* *** *************** remaining ** ****:

  • Camera *** *********: no 2-factor authentication; another level of complexity required for the password; users not informed of firmware updates.
  • MxManagement ******: "limit connection trials to 20 attempts max per hour"
  • MxManagement ****** *** *** *********: "currently, along with the software updates we provide 128 bits MD5 checksums. This is not following the ANSSI recommendations asking for at least 200 bits. SHA-256 or 512 should be used."

******* **** **** **** working ** ****** *****:

** *** ********* ******* on ***** *******. **** the ******* **** **** completed, ** **** ** re-certify ** ** ****** to ******* ***** * status.

*** ****** ******* ******* ************* **** ******** * mix ** ************* ****** analysis *** *********** *******.

Not '*********' *** '**********'

*******, ** *** ******** press ******* ******* ******* these **** ************ ******* a "*********":

**** ***** ******* ***** this ***** * "*********" is ********* ****** ****** ***** ******** **** Mobotix ******** ** **** never ** ****** ** will ****** ********* ** such * ********.

***** ** ******* **** out, ******* ************ **** "we ***'* ******** ********* there **** ** ** penetration ****" *** ********* there ***** ** ** monetary ************ ** **** of * ****. **** then******* *** ***** ********* "**********":

MOVE ******** **** ****, ******* **** **** *** ** *** ** ****

*******'* ***** ******* **** CNPP ***** *** *** cameras ****** "*** ** its ******* ***** ************ camera *******" ***** "*** complete * ****** ***** uses * ****** ********, without *** *********** ** the **** *********."

***** **** ***** *****,*******'* **** ****** ***'* **** ********* and **** ********* ******** so ** *** ******* by *** **** *************. However, **** *** *** disclosed ** *******'* ***** release. ** ********, ******* said:

** ******* ** *********** on *** *** **** of ******* ********* ** they ********* *** **** DNA ** *******.** *** end ** ** [******** year] **** ** *** planning ** *** *** MOVE ****** ******* *** same **** ************* *******.

Compared ** **

** ******** ************* ************* for **-********* ******** ** 2016 ******* ***** **** ******. ** **********,****** ********* **** ******** this ****, ******* *** its******** ****** ******** ***, *** *** ************ ***, ************ *** ***** ***** OEMed ***** ******.

** ******** ** *******, those ********* *** *** claim *** **** ** "guarantee" ** ***** *******. Additionally, *** ***** *** Genetec *** *** *** clearly ****** **** *** beginning, ** ******** ** Mobotix ******* *** *** MOVE ****** *** *** disclosing ****.

**** *************, **** *** limited ************* ** **** and **'* ********, **** seem ******* ** **** there ** * *** of ******* ******** *** penetration *******.

*******, ** ***** ** North *******, *** ** brand ** **** ****** known ***** **** ** not.

**********

******* ***** ************* ********* to ** ** *****. Companies *** *** ***** eager ** **** ********** claims, ********* **'** ******** recently **** **** (************ ****-***** ***** ***************** ******** *** *** GDPR *********, ** ******** Can **).

******* *************, ** ***** when ** ******** **** detailed ******* **********, *** be **********. ****** *** lack ** ******** ******* of **** ******, ** in *******'* ****, ** a *******.

**** *******, ******* *** bigger ********** **** *************, as *** ******* ********* to ******* ***** *** exit ** *** ******* who **** ******** ********* needed *******. ******* **** a *** ******** **** be ******** **** *** that **** ** *** to *** **** ****** Mobotix *** ** *** next ******.

Comments (2)

"******* **** * *** platform **** ** ******** soon *** **** **** be *** ** *** what ****** ******* *** in *** **** ******."

* ***** ** - they **** * ****** support ****** ** *** US. *** ******* ********* gloss **** ****** ******* and ****'* ********* ****** sometimes ** ********** *** case ***** **** *** user. ** ***** **** they're ****** ** * rush ** ***** * ticket..

********** * **** **** even ** **** ****** the ******** (***?) **'** do **** ** **** if **** ***'* **** a ****** ******* ****.

** *********** ******* ** as ******* ******* ********.

***** *********** ****** ******* cyber ******** ***** ******** applied ** **** **-** year *** * ****** cameras ***** ** *******. Hard ** **** * Mfg ********** ****** *******. Microsoft *****’*.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity on Aug 06, 2019
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Verint Victimized By Ransomware on Apr 18, 2019
Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was...

Most Recent Industry Reports

FLIR New Coronavirus Prioritized Temperature Screening Camera Examined on Apr 03, 2020
FLIR has announced a new series of thermal cameras "prioritized for entities working to mitigate the spread of COVID-19 virus", the A400/A700...
ADI Branch Burglary on Apr 03, 2020
A security systems distributor branch is an odd target for burglary but that happened this week at ADI's Memphis location. Vehicle Smash &...
YCombinator AI Startup Visual One Tested on Apr 02, 2020
Startup Visual One, backed by Silicon Valley's powerful Y Combinator, aims to be "Your 24/7 Watchman" with advanced analytics and object...
Free IPVM Memberships For The Unemployed on Apr 02, 2020
IPVM is giving 3-month free memberships (regular price $99) for the unemployed, no questions asked. To get it, just contact us, your request...
Dahua Faked Coronavirus Camera Marketing on Apr 01, 2020
Dahua has conducted a coronavirus camera global marketing campaign centered around a faked detection. Now, Dahua has expanded this to the USA,...
Video Surveillance Trends 101 on Apr 01, 2020
This report examines major industry factors and how they could impact video surveillance in the next 5 - 10 years. This is part of our Video...
USA's Seek Scan Thermal Temperature System Examined on Apr 01, 2020
This US company, Seek, located down the road from FLIR and founded by former FLIR employees is offering a thermal temperature system for the...
Terrible Convergint Coronavirus Thermal Camera Recommendation on Apr 01, 2020
A week after Convergint disclosed falling revenue, pay and job cuts, Convergint is touting 'extensive research' that is either grossly incompetent...
The IPVM New Products Online Show April 2020 Opens With 40+ Manufacturers on Mar 31, 2020
IPVM is excited to announce the first New Products Online show, with 40+ manufacturers, to be held April 14 to the 16th, free to IPVM members,...