Vendors take actions to ‘secure security devices'

Vendors take actions to ‘secure security devices'

The distributed denial-of-service (DDoS) attack on an Internet performance and management company towards the end of last year, in which IP cameras and NVRs were suspected of being used as robotic attackers, again raised awareness on how to “secure security devices.” Against this backdrop, various security vendors reiterated that they have taken actions against cyber threats and attacks.

In the October incident, a DDoS attack was launched against Dyn, leaving various service sites including Amazon, the Financial Times and Netflix inaccessible. The source code of the “mirai” malware that was responsible included various default username-password pairs that, upon close examination, came from known security brands, according to the blog Krebs on Security. How to protect their security equipment from being attacked, then, has again become a major focus for vendors.

Arecont Vision, which maintains none of its devices were affected in the incident, said it took cybersecurity very seriously. “Our engineers instituted 16-digit ASCII character passwords quite some time ago to increase security to limit unauthorized access to our cameras. We added this out of the box for new cameras we ship, and as firmware updates for older cameras that were already installed around the world,” said Jeff Whitney, VP of Marketing at Arecont Vision.

Whitney mentioned other features that make Arecont Vision devices invulnerable. “At the core of each Arecont Vision camera is our custom-designed FPGA integrated circuit on which we run our proprietary firmware,” he said. “Should a hacker gain access to an Arecont Vision camera or obtain the user ID and 16-digit ASCII password to log into a camera, anything they do would solely impact that particular device. A hacker would not be able to remotely repurpose an Arecont Vision camera into a bot for Distributed Denial of Service (DDoS) attacks or to otherwise attack other devices on the network. Other cameras and network devices are not as protected.”

Hikvision, meanwhile, also places a strong emphasis on cybersecurity. According to the company, since 2014 it has established appropriate departments and taken relevant measures to counter cyber threats. The measures include: a special taskforce responsible for setting Hikvision’s security standards; the Hikvision Security Response Center (“HSRC”) and Ys7 Security Response Center (“YSRC”), which are in charge of receiving, reporting, and disposing of any and all security-related vulnerabilities with professional security emergency response mechanism; partnering up with several renowned security data and analytics companies to perform ongoing penetration tests and vulnerability assessments of Hikvision products; and requirements that whoever is setting up the device needs to change the default username/password and use a more complicated one.

“Cybersecurity is a major concern for all physical security manufacturers in the Internet of things (IoT) era. We continue to take steps to improve our products, including having them tested by leading third-party cybersecurity firms to minimize any potential security risks,” said Yangzhong Hu, President of Hikvision.



Product Adopted:
Other
Share to:
Comments ( 0 )