Securing your security systems

CCTV Handbook 2016 CCTV, Surveillance & Remote Monitoring, Cyber Security

We install surveillance cameras and related physical security systems to protect ourselves, our assets and our people. Unfortunately, as surveillance solutions have evolved to the IP platform, irrespective of the benefits IP delivers, these systems and devices have become part of the network, and more dangerously, part of the Internet.

Given the skills and innovation we’re seeing in the world of cybercrime, it’s no wonder then, that our cameras, NVRs, DVRs and management platforms have become a target for these criminals. It’s not that they specifically want to hack into our cameras, although that seems to be a sideline, but they want to find an easy way into our network to get at the data we have stored.

At iLEGAL 2016, Manuel Corregedor, operations manager at Wolfpack Information Risk took attendees through a brief introduction to the weaknesses of their surveillance systems. Wolfpack is a company that focuses on threat intelligence and research, training in the area of combating cybercrime as well as offering an advisory service.

Corregedor started by highlighting the threat landscape the always-on world faces today, as well as the evolution of hacking from a fun activity that did little more than irritate victims, to a major money-making racket for organised crime, to the latest state or activist means for collecting information and disrupting companies – or even whole economies.

Hack your CCTV

He then focused on CCTV cameras and their vulnerability to hacking. From home users connecting cameras to the Internet to watch their kids, or even babycams designed to keep a remote eye on babies, through to gaining access to private and public sector data via unprotected surveillance cameras, there are many reports on how people have exploited cameras for criminal purposes.

The vulnerabilities we face with cameras range from not changing the default password on cameras through to not updating camera firmware with the latest updates and countless others. These all leave companies with easy-to-exploit vulnerabilities. One need only do a Google search to find more stories than we would care to imagine.

But you don’t have to be a hacker to find vulnerable cameras. Corregedor showed two websites designed to find them for you. Hi-Tech Security Solutions will not promote these sites, but they are easy enough to find.

The first produces a list of insecure cameras from around the world. All the user does is choose a country and click on the camera he would like to watch. At the time of writing, there were 4949 cameras available for viewing in the USA, 568 in the Russian Federation, 24 in New Zealand and only 6 in South Africa. If you’re not into being a peeping Tom targeting a particular country, you can also search for cameras in specific locations, such as in kitchens or coffee houses and so forth. The cameras are located in businesses or homes, and sometimes in public spaces, creating a serious privacy problem – to say the least.

The second site promotes itself as the search engine for the Internet of Things (IoT) and allows you to search for any devices online, including surveillance cameras. It even allows you to choose pre-selected searches for cameras or industrial systems and much more. This site finds open cameras and those that are protected by passwords; you can even instruct it to find cameras that are using the default passwords. The result is the same, not only are we faced with a privacy problem, but also open doorways to networks.

People, process and technology

Corregedor went on to explain that the risks we face are a combination of technology, people and processes – as always seems to be the case. He then went on to briefly touch on the subject of how to assess your risk and formulate a plan to deal with the problems you find.

The goal is to implement effective prevention solutions, and this does not always require buying the newest and most expensive technology. Sometimes it means using what you have effectively. An important part of this is understanding that a camera is a risk, but it is part of a broader infrastructure that has different risks and vulnerabilities, and companies need to assess the whole in order to protect themselves.

For more information, contact Wolfpack Information Risk, info@wolfpackrisk.com, www.wolfpackrisk.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Consolidating control rooms and service delivery within a COVID-19 environment
Issue 6 2020, Leaderware , CCTV, Surveillance & Remote Monitoring
It is essential to have informed, coordinated and professional responses within control rooms at this time of increasing turmoil.

Read more...
Technology driving the healthcare industry
Issue 6 2020, Duxbury Networking , CCTV, Surveillance & Remote Monitoring
Seeing cameras as sensors opens up new possibilities, and each one of them responds to typical demands inside a hospital, clinic or nursing home.

Read more...
Flexible temperature screening options for challenging times
Issue 6 2020, Hikvision South Africa , CCTV, Surveillance & Remote Monitoring
A thermal imaging camera is an effective screening device for detecting individuals with elevated skin temperature. This type of monitoring can provide a rapid screening approach in high-traffic areas.

Read more...
Toyota Argentina joins the new normal
Issue 6 2020, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring
Toyota Argentina makes use of Dahua technology to ensure COVID-19 safety protocols are adhered to.

Read more...
Qognify launches Cayuga R15 VMS
Issue 6 2020 , CCTV, Surveillance & Remote Monitoring
Cayuga R15 is compatible with Qognify’s Umbrella web-based platform that can be used to configure, manage and monitor all connected Cayuga systems centrally.

Read more...
New DeepinView camera series
Issue 6 2020, Hikvision South Africa , CCTV, Surveillance & Remote Monitoring
Cameras equipped with multiple dedicated algorithms that can be selected as required based on the needs of the installation, then switched as the security needs change.

Read more...
Mitigating the human risk
Issue 5 2020, Managed Integrity Evaluation, Technews Publishing, iFacts , CCTV, Surveillance & Remote Monitoring
Hi-Tech Security Solutions asked Jennifer Barkhuizen and Jenny Reid for some information around background screening and vetting of potential new hires.

Read more...
Teaching old cameras new tricks
Residential Estate Security Handbook 2020, Deep Data , CCTV, Surveillance & Remote Monitoring
Dr Jasper Horrell and Mark Smuts from DeepAlert reveal how estates can upgrade their existing surveillance infrastructure to include the latest AI-enhanced analytics, without buying new hardware.

Read more...
Thermal continues to evolve
Residential Estate Security Handbook 2020, Technews Publishing, Axis Communications SA, Bosch Building Technologies, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring
Thermal cameras have made an enormous impact to perimeter security, with more to come as artificial intelligence enhances analytics.

Read more...
Automated estate protection
Residential Estate Security Handbook 2020, Axis Communications SA , CCTV, Surveillance & Remote Monitoring
Marlenique Estate makes use of an end-to-end Axis Communications solution, installed by Energize Technology Africa for automated security. Automated estate protection.

Read more...