Security cameras have become more and more IP-based. A direct consequence of this trend is cyberattacks and other types of threats against network cameras, which are just like every other device on the network.
Needless to say, security cameras have
become more and more IP-based. A direct consequence of this trend is cyberattacks and other types of threats against network cameras, which are just like every other device on the network.
“With CCTV systems connected to IP infrastructure along with associated devices, the networks are at a risk of being hacked, especially those on the legacy networks. The devices were left connected to the Internet and were left on default credentials. In this case, the attackers developed software that scoured the internet searching for vulnerable devices, which they then took control using their own malicious software,” said Vinayak Sane, COO of Elmark Engineers.
“IP cameras, like other IoT devices, are being attached to the public Internet more often, and unfortunately many of those devices are unprotected from outsider access. Another problem is that vendors still design systems with the assumption it is attached to a benign network operated by friendly users. Poor access control, ‘secret’ back doors, home-brew protocols that are prone to attack, unsecured sensitive information are (still) common problems,” said Rodney Thayer, Convergence Engineer at Smithee Solutions.
Indeed, a breach can lead to disastrous consequences. “By searching for webcams that use a vulnerable streaming protocol and lack password authentication, attackers are able to populate a feed with snapshots of everything from private meeting rooms to children’s bedrooms. These images are evidence of an unsettling truth: willingly or unwillingly, we’ve opened our homes and businesses to the World Wide Web. As a result, cyber criminals now have more potential targets than ever, and they can do a lot more than eavesdrop,” said Stephen Mak, VP of SPARK Sales for Asia Pacific at BlackBerry.
“A few days before US President Donald Trump’s inauguration, the storage devices of 123 police video IP cameras in the D.C. area were attacked via ransomware by hackers, which left these locations entirely un-surveilled. This isn’t the only time that IP cameras have been subject to major attack; over 60 cameras were attacked in Japan, school cameras in Virginia were attacked by one of the students, and home security cameras are attacked regularly,” said Luke Bencie, MD of Security Management International and Zachary Smith, Junior Associate at Security Management International.
With attacks becoming more diverse and complex, it’s better for the user to have some basic ideas of the
attacks that are more common. “These include malware, or software that performs a malicious task on a target device or network; man in the middle attack, where an attacker establishes a position between the sender and recipient by connecting attacker devices and intercepts them; and denial of service attack where an attacker takes over many devices and uses them to invoke the functions of a target system, for example a website, causing it to crash from an overload of demand,” said Sanjay Kumar, Chairman of Railway Recruitment Board of Indian Railways.
“Common attacks still include password brute force, since not all vendor or integrators follow password best practices. Attacks can be based on the camera operating system implementation, as not all vendors lock these down properly or operate with a trusted computing platform,” said Salvatore D’Agostino, CEO of IDmachines. “Many cameras get deployed with connections in the clear (for example over http and port 80 as opposed to an https connection over 443 or other port using transport layer security (TLS). Malware transmission, using open ports (for example telnet) to log into other devices on flat networks, zero-days from hard-coded credentials exploited by botnets, and other attacks are all still in play.”
How to know when the camera is compromised
A user should check from time to time whether the camera device might have been attacked. In fact, there are certain telltale signs that suggest a possible breach.
“If a device has a function for two-way communication, take notice of any sound coming from the device. A suspicious sound could mean that the device is being accessed remotely. Also, one should take note of active LED indicators, which alert the surveilled that the camera is actively recording and being accessed,” Bencie and Smith said.
“If you find out that your security camera is following your movement, your camera has more than likely been hacked. When someone hacks your pan-tilt camera and controls it on his side, your hacked security camera or baby monitor may rotate by itself, or point to a different position than usual,” Kumar said. “It is also a necessary step to check if the security settings have been changed and password has been set to default. The person hacks into your security camera may leave some information on the settings. There are some proud security camera hackers who even change the camera name to something like ‘Upgrade Firmware’ to show off their hacking talents.”