IP camera hacks have become a growing problem affecting users and the organizations they work for. While camera vendors have an important role to play, the users themselves should also take necessary measures to secure their products.
More and more, CCTV cameras have become a part of the Internet, and as such they face the same kind of threats and risk as all other devices sitting on the network. According to a
blog post by Jungle Disk, in 2014 73,000 unsecured cameras were hacked and made available to the general public, and of that 11,064 cameras were in the United States. Since then, reports of hacks against IP cameras and NVRs kept coming out, the most notorious being the DDoS attacks against Dyn, resulting in shutdowns of major websites across the world.
These incidents underscore the importance of camera vendors making efforts to harden their products and devices so they are more secure against outside threats. However, cybersecurity is a two-way street. While the vendor has a major role to play, the user themselves should also take action to make their networkable devices more resistant to risk.
“Each camera vendor has multiple models, and each model has a specific firmware version that needs to be upgraded on each camera device of that model. That turns out to be a whole lot of management. End users and integrators must be educated on the problem. Ultimately the problem is not owned solely by the camera vendor; the VMS vendor, the integrator, the end user’s IT organization and solution vendors have a role to play,” said Bud Broomhead, CEO of
Viakoo.
Selecting the right camera
For the end user, the best practices against security breaches began with choosing the right camera. At the current stage, there lacks clear market standards on how to pick a “secure” camera. However there are still tips that the user can follow.
“Firstly, ensure your camera has proper technical support for users. Aside from always purchasing retail, remember to search for device manufacturers that provide regular security updates. Manufacturers with professional product management services will regularly issue security updates upon the identification and rectification of a vulnerability in their devices,” said Cheng Lai Ki, Cyber Operations Consultant at
Horangi Cyber Security.
“Subsequently, search for devices with security and privacy features. Most IP cameras have default factory settings governing various security features (that is, password and video encryption), and some even have settings that determine how your video feeds are stored or shared with third-party vendors associated to the manufacturer,” he added. “When shopping around for IP cameras, identify ones where you can configure these settings to provide you with greater oversight of your device’s security and data privacy.”
How do you know when your camera is hacked
Knowing that a camera has been hacked or compromised in any way could help the user take remedial actions quickly. However, there’s no easy way to tell this is happening. “It is really hard to know that. Most cameras were not designed with cybersecurity practices in mind, so they do not contain the right native capabilities to detect or prevent hacking attempts. There are rare situations where the user would know that his camera is hacked, for example, when there are problems with the video streaming. In most cases, the attacker will try to stay undiscovered,” said Alon Levin, VP of Product Management at
VDOO. “Currently, there are no easily accessible tools that users can use in order to find out whether their camera has been hacked or not. In specific cases, it may be the case that indicators that can point to a hack exist. However, it really depends on the specific hacking scenario and the camera.”
“In many cases the camera device may be infected, but the organization is not aware of it. In 2017 Trend Micro reported that 51 percent of cameras they tracked had one or more malware agents present on them, without the organization being aware,” Broomhead said.
Still, the user may try the following three approaches to detect compromises. One is through websites such as Shodan.io, which claims to be the world's first search engine for Internet-connected devices; and Insecam.org, which finds unsecured IP cameras worldwide, classified by countries, cities and manufacturers (Axis, Bosch, Mobotix, Panasonic and VIVOTEK, among others).
The second approach is through the use of security monitoring solutions. “Using tools like Eidola can help with establishing sound pre-deployment configuration, and that gives an easy way to test post-deployment configuration for changes, whether malicious or accidental. There are also tools like Vunetrix for monitoring the MIB’s for anomalous camera behavior, as long as the MIB’s have been created properly,” said Andrew Lanning, Co-Founder of
Integrated Security Technologies.
Finally, the user can check the camera itself to see if it’s exhibiting any strange behavior or anomalies. “For instance, pay attention to the illuminated LED light next to the camera. That light usually indicates that the device is operational. Should the LED light be turned on without your knowledge, something is indeed amiss. If the camera has pan, tilt and zoom, another indicator of compromise could be that the camera is pointed in a different direction than it was left the last time it was known to be used. Either of these could be telltale signs that your IP camera has been hacked,” Ki said. “More advanced users can also access the device’s user interface to determine if any security settings have been maliciously altered. Alternatively, you can also pay attention to your network traffic associated to the device’s operation periods. Any abnormal spike could be an indicator of malicious activity.”