Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Securing your security systems

CCTV Handbook 2016 Surveillance, Information Security

By Andrew Seldon.

We install surveillance cameras and related physical security systems to protect ourselves, our assets and our people. Unfortunately, as surveillance solutions have evolved to the IP platform, irrespective of the benefits IP delivers, these systems and devices have become part of the network, and more dangerously, part of the Internet.

Given the skills and innovation we’re seeing in the world of cybercrime, it’s no wonder then, that our cameras, NVRs, DVRs and management platforms have become a target for these criminals. It’s not that they specifically want to hack into our cameras, although that seems to be a sideline, but they want to find an easy way into our network to get at the data we have stored.

At iLEGAL 2016, Manuel Corregedor, operations manager at Wolfpack Information Risk took attendees through a brief introduction to the weaknesses of their surveillance systems. Wolfpack is a company that focuses on threat intelligence and research, training in the area of combating cybercrime as well as offering an advisory service.

Corregedor started by highlighting the threat landscape the always-on world faces today, as well as the evolution of hacking from a fun activity that did little more than irritate victims, to a major money-making racket for organised crime, to the latest state or activist means for collecting information and disrupting companies – or even whole economies.

Hack your CCTV

He then focused on CCTV cameras and their vulnerability to hacking. From home users connecting cameras to the Internet to watch their kids, or even babycams designed to keep a remote eye on babies, through to gaining access to private and public sector data via unprotected surveillance cameras, there are many reports on how people have exploited cameras for criminal purposes.

The vulnerabilities we face with cameras range from not changing the default password on cameras through to not updating camera firmware with the latest updates and countless others. These all leave companies with easy-to-exploit vulnerabilities. One need only do a Google search to find more stories than we would care to imagine.

But you don’t have to be a hacker to find vulnerable cameras. Corregedor showed two websites designed to find them for you. Hi-Tech Security Solutions will not promote these sites, but they are easy enough to find.

The first produces a list of insecure cameras from around the world. All the user does is choose a country and click on the camera he would like to watch. At the time of writing, there were 4949 cameras available for viewing in the USA, 568 in the Russian Federation, 24 in New Zealand and only 6 in South Africa. If you’re not into being a peeping Tom targeting a particular country, you can also search for cameras in specific locations, such as in kitchens or coffee houses and so forth. The cameras are located in businesses or homes, and sometimes in public spaces, creating a serious privacy problem – to say the least.

The second site promotes itself as the search engine for the Internet of Things (IoT) and allows you to search for any devices online, including surveillance cameras. It even allows you to choose pre-selected searches for cameras or industrial systems and much more. This site finds open cameras and those that are protected by passwords; you can even instruct it to find cameras that are using the default passwords. The result is the same, not only are we faced with a privacy problem, but also open doorways to networks.

People, process and technology

Corregedor went on to explain that the risks we face are a combination of technology, people and processes – as always seems to be the case. He then went on to briefly touch on the subject of how to assess your risk and formulate a plan to deal with the problems you find.

The goal is to implement effective prevention solutions, and this does not always require buying the newest and most expensive technology. Sometimes it means using what you have effectively. An important part of this is understanding that a camera is a risk, but it is part of a broader infrastructure that has different risks and vulnerabilities, and companies need to assess the whole in order to protect themselves.

For more information, contact Wolfpack Information Risk, info@wolfpackrisk.com, www.wolfpackrisk.com





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

NEC XON secures mobile provider’s hybrid identities
NEC XON Access Control & Identity Management Information Security Commercial (Industry)
For a leading South African telecommunications operator, identity protection has become a strategic priority as identity-centric attacks proliferate across the industry. The company faced mounting pressure to secure both human and non-human identities across complex hybrid environments.

Read more...
Data privacy best practices for physical security teams
Genetec Surveillance Integrated Solutions IoT & Automation
Physical security systems produce large amounts of information from video footage, access control records, and licence plate data. Recommendations assist organisations in safeguarding sensitive data, while ensuring effective security operations.

Read more...
The AI goldrush has a credibility problem
Surveillance AI & Data Analytics
The single most important question a surveillance buyer can ask is deceptively simple: “Was this system programmed or was it trained?” That question alone will reveal more about what you are evaluating than any feature list or marketing video.

Read more...
Rise in malicious insider threat reports
News & Events Information Security
Mimecast Study finds 46% of SA organisations report a rise in malicious insider threat reports over the past year: reveals disconnect between security awareness and technical controls as AI-powered attacks accelerate.

Read more...
Surveillance & AI roundtable
DeepAlert Lytehouse Refraime SMART Security Solutions Technews Publishing Editor's Choice Surveillance Integrated Solutions AI & Data Analytics
SMART Security Solutions held an online roundtable with a few surveillance experts to explore the intersection of surveillance and AI, gaining insights into the market and how control rooms are evolving.

Read more...
Duxbury SA Milesight distributor
Duxbury Networking News & Events Surveillance
Duxbury Networking has been appointed the exclusive distributor of Milesight surveillance solutions in South Africa, expanding its surveillance portfolio with a platform designed to deliver AI-driven analytics, rapid deployment, and open integration for modern security environments.

Read more...
New campaign exploiting Google Tasks notifications
News & Events Information Security
New phishing scheme abuses legitimate Google Tasks notifications to trick corporate users into revealing corporate login credentials, which can then be used to gain unauthorised access to company systems, steal data, or launch further attacks.

Read more...
Transforming video surveillance into strategic intelligence
Secutel Technologies Products & Solutions Surveillance
In a world where risk moves faster, and operations are more interconnected than ever, you need more than footage — you need insight.

Read more...
Coordinated efforts lead to successful crime response
News & Events Surveillance Integrated Solutions
A synchronised operation involving Vumacam’s control room operators, the Johannesburg Metropolitan Police Department (JMPD), and 24/7 Drone Force, resulted in the successful identification and apprehension of a suspect linked to a reported theft case.

Read more...
What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.