How to keep your IP camera system cyber-secure
Source: William Pao, a&s International
It goes without saying that video surveillance
is moving more and more toward IP. While this brings various benefits, the issue of cybersecurity
has also arisen, forcing manufacturers and users alike to take proper measures against cyberattacks.
Video surveillance is increasingly migrating from analog to IP. A mid-year research note by IHS Markit points out a total of 70 percent of all security cameras shipped in 2018 were network cameras, adding at the same time, global shipments of HD CCTV cameras, also known as analog HD cameras, fell in 2018.
Network video indeed carries various benefits. For example, it is now easier to integrate video with other systems on the network to enable better situational awareness. With network video, resolution can be much higher, and analytics of various types can be applied to make better use of the video. Further, video can be accessed remotely.
Yet there are also disadvantages, the biggest being cybersecurity as IP cameras and NVRs are now networked devices that are subject to intrusion and hacking. Damage can range from changes to camera settings to leaked video to something more serious.
Examples are numerous. Baby cams moving on their own, capturing sleeping babies or mothers breastfeeding have been reported. Meanwhile in 2018, dozens of IP cameras were hacked across Japan, and in most cases a message that read “I’m Hacked. bye2” was left on their screens apparently by the hacker.
Then, in October 2016, a series of coordinated cyberattacks were launched against Dyn, an Internet performance management company based in New Hampshire, resulting in service disruptions across various famous sites including Airbnb, Amazon.com and The Boston Globe. It was later found out a botnet of Internet of Things devices, including IP cameras and network video recorders, were used in the attack after being infected with the Mirai malware.
Vulnerabilities and ways to address them
So what are some of the means by which hackers can intrude into the camera system? A major one is default username and password, which are readily searchable on the internet. Failure to install software/firmware patches, issued by camera manufacturers once a vulnerability is found, provides another avenue for exploitation.
Also, open ports are another vulnerability. “Having access to your security cameras from anywhere at any time is very valuable. However, in most video management systems
(VMS), this requires creating a doorway into your network to access the video streams,” said a recent blogpost
by TSG Security. “This creates an opportunity for exploitation and exposes the network to unwanted entry. Fortunately, there are advanced VMS currently available to eliminate the need for inbound communication requests. Furthermore, these systems require multiple levels of authentication by the remote users.”
According to the post, there are ways to protect the video surveillance system
against hostile actors. Changing default username and passwords and upgrading/patching software and firmware once issued by the manufacturers are pretty straightforward. Further, deploying camera and video system health monitoring is also advised.
“Most new systems provide system health monitoring tools. The cameras are your security eyes (and ears in some cases). Who is monitoring the cameras and video system to ensure it is functioning properly and not being attacked?” the post asked.
Unused camera services and encryption are other aspects that the user should beware of. “Turn off or disable unused camera services. Cameras are often shipped with all of the features and functions turned on by default,” the post said. “If you’re allowing remote access to the VMS, use SSL encrypted traffic, RTSP/HTTPS or other secure communication methods that make sense for your situation. Not all VMS owners/users have access to IT departments, but you do have access to someone that can help.”