With video surveillance cameras becoming increasingly digital and getting connected with a number of other devices under the grand scheme of the Internet of Things (IoT), cybersecurity is a major problem. Reports of some recent cyber-attacks suggest that data from video surveillance cameras are as vulnerable as any other when it comes to breaches.
With video surveillance cameras becoming increasingly digital and getting connected with a number of other devices under the grand scheme of the Internet of Things (IoT), cybersecurity is a major problem. Reports of some recent cyber-attacks suggest that data from video surveillance cameras are as vulnerable as any other when it comes to breaches.
In this context, it is important that customers and systems integrators have a thorough knowledge of how hackers attempt to access cameras. This will help them understand the risks involved and, often, take necessary measures. We talked to some experts in the field to get their views on this.
“The unfortunate reality today is that it is relatively easy for attackers to try and get access to connected surveillance cameras,” said Alon Levin, VP of Product Management at
VDOO Connected Trust. “Attackers are doing so today in a variety of ways, it doesn’t matter if you are a high-end maker of camera or any other security and safety system or if you are a much lower tier manufacturer - your devices will be usually subject to similar attack methods and threats.”
Being more specific on the methods used by hackers, Aamir Lakhani, Senior Security Strategist at
Fortinet said that attackers in many cases scan known camera protocols and ports. They will try and simply browse or access the management pages of the devices. If that does not work, they use sophisticated scans that will find the camera and mimic an authorized user.
To a large extent, the issue boils down to the options that manufacturers provide to their customers. When it comes to small manufacturers, especially those who target consumers directly, the problems are extremely basic. These include not enforcing a change of default password, protecting the boot process, or encrypting communication.
“Unfortunately, attackers do not have to use software vulnerabilities to attack surveillance cameras,” Levin said. “Many design flaws allow attackers to get access to connected devices. In the last few years, we’ve seen attacks utilizing the lack of password change enforcement or utilizing the fact that the device secure communication is not properly implemented.”
When it comes to larger manufacturers who cater to businesses and enterprises, the problem is more with the implementation rather than the use of essential elements. Levin pointed out that at this level, the critical components are present but are often either implemented in a wrong or partial way.
“This practically makes the vulnerabilities exploitable,” he said. “If one is implementing the security building blocks properly - even if vulnerability exists, it would be much harder on the attacker to utilize it. Attackers can also leverage the fact that cameras are utilizing known software vulnerabilities, in open source, third party or first party libraries. These methods usually suffice, however, in some cases – attackers are actively looking for new unknown vulnerabilities to achieve their goals.”
Speaking further on the vulnerabilities, Levin said that web servers are a relatively vulnerable component common in surveillance cameras. Hackers may often be seen utilizing vulnerabilities in third-party web servers in order to get access to the camera.
“Lastly, we see attackers utilizing a vulnerability class of command injection – using a legitimate interface to inject malicious command as a target for attackers looking for new vulnerabilities,” Levin added.
Lakhani said that apart from the issue of default passwords, there may also be hidden usernames and passwords that manufacturers leave in the code, perhaps for testing, and have been discovered by hackers. Then there are other methods that have more far-reaching consequences.
“Vulnerabilities also get more serious, in some cases attackers are able to run basic bypass attacks to get past weak security authentication methods accessing the camera,” he added. “In more sophisticated cases malware uses vulnerabilities in bad code of the camera to load software and attack other targets on the Internet.”