Companies and individuals are increasingly turning to web-enabled cameras to help secure their premises. However, these high-tech solutions typically use Internet protocol (IP), an open standard, to connect back to control rooms. Like all open standards, IP can easily be hacked if not properly secured.
Let’s take a recent example from last year: a Texas couple’s babycam was hacked by a repeat offender who used the device to curse and say sexually explicit things to their sleeping two-year-old daughter.
In March this year, hacker Jared James Abrahams, received an 18-month jail sentence for hacking into the webcam of Miss Teen USA, Cassidy Wolf. Abrahams did this regularly, using nude photos to blackmail girls on Skype.
And if don’t have the skills to do the hacking, the Web abounds with help. YouTube has a four-step instruction video on how to hack into any live webcam, while WikiHow shows how to watch security camera streams. These are just two examples.
At Hack in the Box, a 2013 security conference, researchers from a security firm Qualys said that Web-based administration interfaces for Internet-protocol webcams are “a textbook example of an insecure Web application” that makes personal information vulnerable. Respected publications like InformationWeek have reported on vulnerabilities inside well-known network video recorders which are used to record video from webcams.
“In other words, the very devices people are relying on to provide a new layer of security are actually back doors that crooks can easily exploit,” says Philip Smerkovitz, MD of TeleEye South Africa, a CCTV remote monitoring and management consultancy. “This vulnerability is expected to grow as the smart office and home concept takes off, and webcams are used both to beef up security and monitor activity.”
In response to this vulnerability, TeleEye has developed hacker-resistant IP cameras that use proprietary protocols to protect video streams. It is typically while the video is being transmitted that it is vulnerable to hackers. TeleEye’s video-streaming protocols offer one level of protection, as does TeleEye’s SMAC-M Multi-Stream video technology, which delivers efficient and effective bandwidth utilisation. More important, TeleEye’s also uses AES 256-bit encryption. Thus, even though the information is delivered via an open-standards platform, it remains impervious to outside eyes.
“Additional security is provided by TeleEye’s pair-matching architecture. TeleEye software and hardware have individual identities, and only if software is registered with the hardware can it be used for video-surveillance function. Thus, even non-registered TeleEye software cannot access TeleEye hardware,” Smerkowitz explains. “Moreover, only users with designated IP addresses can access client’s security camera network.”
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version