Cracking down on camera hacks _ part 1

Cracking down on camera hacks _ part 1
Recent reports on baby cam hacks raised new concerns over malicious intrusion into networked security devices. The threat is even more imminent for home and small business users who are not as well protected as their enterprise counterparts. Luckily for them, most of today’s network camera manufacturers work hard to keep flaws to a minimum and equip their products with various security features.

ACCESS

Unauthorized access to a system can be prevented by a simple yet effective method called password protection. Most network cameras today allow users to create their own usernames and passwords, which can be secured through various means. Zinwell, which makes power line-based home security cameras, has patented a technology that keeps passwords from being sent out to the Internet. “In that case, hackers won’t be able to get passwords from the Web,” said Ben Huang, Senior Marketing Supervisor at Zinwell. Encryption of passwords is another protection method. “The user has the option to let the system remember passwords, and if so the client protects the password with encryption,” said Juhlin.

Once a user accesses the camera, it’s a good idea for the device to have multilevel access control based on the user’s privilege. For example, a regular user may only view streaming video, while an administrator may access the camera’s storage or control the device. In fact, most network cameras today offer this functionality. “This means users can control exactly who can see what in their system, and that their video is safe from any form of third-party manipulation,” Juhlin said.

ENCRYPTION 

Many IP cams also allow encryption. The videos can be encrypted before being sent over to the network to make sure that unauthorized persons cannot view or tamper with the data. Different encryption technologies are used. One of the most commonly used is SSL/TLS, which encrypts contents with special codes that can be deciphered only by pairs of public and private keys, the latter of which are hidden in the computers of the communicating parties. As private keys can be obtained in a security breach, Bosch, whose Advantage line also targets home and SMB users, makes sure that this will never happen. “The SSL private key of the device is stored securely on the smart card chip that is directly involved in the SSL connection setup. The private key never leaves the chip and cannot be read out even if the user has complete access to the device,” said Konrad Simon, Product Manager for IP Video at Bosch Security Systems. “This way no access is possible to the private key, even in a hostile approach someone would have achieved to read sensitive data from internal memory.”
Advanced encryption standard (AES) is a protocol that encrypts contents with 128-bit, 192-bit, or 256-bit keys, making encoded messages harder to decipher by untrusted parties. Among camera makers that use AES is Amaryllo, another home security camera maker. It uses 256-bit encryption, at the same time ensuring that video latency is less than 0.5 seconds.

_ Methods for secure IP cameras: 
_Conduct penetration tests before the release of a product to make sure it can withstand hacking. 
_Conduct source review on a regular basis to minimize the risk of intrusion. 
_Hold security training courses, taught by experienced intrusion defense experts, to discuss the latest security issues and raise product developers security awareness. 
_Create a network security department for safety-related inspections and review. 
_Be up-to-date with vulnerabilities on third-party software, like OpenSSL, to make sure that problematic software isnt incorporated into a product. 
_Always provide security updates to users, instead of having them go to the vendor’s website to find them.


Share to:
Comments ( 0 )