Securing your security systems

May 2016 CCTV, Surveillance & Remote Monitoring, Cyber Security

We install surveillance cameras and related physical security systems to protect ourselves, our assets and our people. Unfortunately, as surveillance solutions have evolved to the IP platform, irrespective of the benefits IP delivers, these systems and devices have become part of the network, and more dangerously, part of the Internet.

Given the skills and innovation we’re seeing in the world of cybercrime, it’s no wonder then, that our cameras, NVRs, DVRs and management platforms have become a target for these criminals. It’s not that they specifically want to hack into our cameras, although that seems to be a sideline, but they want to find an easy way into our network to get at the data we have stored.

At iLEGAL 2016, Manuel Corregedor, operations manager at Wolfpack Information Risk took attendees through a brief introduction to the weaknesses of their surveillance systems. Wolfpack is a company that focuses on threat intelligence and research, training in the area of combating cybercrime as well as offering an advisory service.

Corregedor started by highlighting the threat landscape the always-on world faces today, as well as the evolution of hacking from a fun activity that did little more than irritate victims, to a major money-making racket for organised crime, to the latest state or activist means for collecting information and disrupting companies – or even whole economies.

Hack your CCTV

He then focused on CCTV cameras and their vulnerability to hacking. From home users connecting cameras to the Internet to watch their kids, or even babycams designed to keep a remote eye on babies, through to gaining access to private and public sector data via unprotected surveillance cameras, there are many reports on how people have exploited cameras for criminal purposes.

The vulnerabilities we face with cameras range from not changing the default password on cameras through to not updating camera firmware with the latest updates and countless others. These all leave companies with easy-to-exploit vulnerabilities. One need only do a Google search to find more stories than we would care to imagine.

But you don’t have to be a hacker to find vulnerable cameras. Corregedor showed two websites designed to find them for you. Hi-Tech Security Solutions will not promote these sites, but they are easy enough to find.

The first produces a list of insecure cameras from around the world. All the user does is choose a country and click on the camera he would like to watch. At the time of writing, there were 4949 cameras available for viewing in the USA, 568 in the Russian Federation, 24 in New Zealand and only 6 in South Africa. If you’re not into being a peeping Tom targeting a particular country, you can also search for cameras in specific locations, such as in kitchens or coffee houses and so forth. The cameras are located in businesses or homes, and sometimes in public spaces, creating a serious privacy problem – to say the least.

The second site promotes itself as the search engine for the Internet of Things (IoT) and allows you to search for any devices online, including surveillance cameras. It even allows you to choose pre-selected searches for cameras or industrial systems and much more. This site finds open cameras and those that are protected by passwords; you can even instruct it to find cameras that are using the default passwords. The result is the same, not only are we faced with a privacy problem, but also open doorways to networks.

People, process and technology

Corregedor went on to explain that the risks we face are a combination of technology, people and processes – as always seems to be the case. He then went on to briefly touch on the subject of how to assess your risk and formulate a plan to deal with the problems you find.

The goal is to implement effective prevention solutions, and this does not always require buying the newest and most expensive technology. Sometimes it means using what you have effectively. An important part of this is understanding that a camera is a risk, but it is part of a broader infrastructure that has different risks and vulnerabilities, and companies need to assess the whole in order to protect themselves.

For more information, contact Wolfpack Information Risk,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Shorten your checkout lines to enhance customer experience
September 2019, Hikvision South Africa , Retail (Industry), CCTV, Surveillance & Remote Monitoring
Hikvision's queue detection technology is purpose-built to offer cutting-edge flow analysis to retail outlets and any situation where waiting to pay is required.

Constructive CCTV contributions to research
September 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring
Study leads to understanding that we need more recognition and reward for constructive participation in society.

New Africa sales manager for Axis Communications
September 2019, Axis Communications SA , News, CCTV, Surveillance & Remote Monitoring
Axis Communications has appointed Brendon Hall, previously the founder and MD of Pentagon, as its new sales manager, Africa.

Check Point appoints new regional director for Africa
September 2019 , News, Cyber Security
Check Point Software Technologies has appointed Pankaj Bhula as regional director for Africa.

ISO standard for protecting personal data
September 2019 , News, Cyber Security
Tackling privacy information management head on: first ISO standard for protecting personal data has been published.

Hikvision helps secure African Union Summit
September 2019, Hikvision South Africa , News, CCTV, Surveillance & Remote Monitoring
Hikvision established a complete intelligent video solution to ensure the security of the thirty-third African Union (AU) Summit held on 7 July in Niamey, the capital of Niger.

The hunt for the Carbanak group
September 2019 , Editor's Choice, Cyber Security, News
Tomorrow Unlocked has released a free four-part documentary that tells the story of the notorious Carbanak APT group and its $1 billion bank heist.

Genetec to integrate CylancePROTECT
September 2019, Genetec , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News
Genetec has announced it is partnering with Cylance, a business unit of Blackberry, to bring AI-based antivirus protection to its appliance customers.

Dashcams useful for more than social media
September 2019, Graphic Image Technologies , CCTV, Surveillance & Remote Monitoring, Transport (Industry)
Logistics companies need to make sure that they have a complete solution that allows real-time driver monitoring and event notifications as they happen.

Building automation vulnerable to hacks
September 2019 , News, Cyber Security
New vulnerability revealed in Internet-connected building automation devices at the DEF CON IoT Village that could impact critical building systems.