Securing your security systems

May 2016 CCTV, Surveillance & Remote Monitoring, Cyber Security

We install surveillance cameras and related physical security systems to protect ourselves, our assets and our people. Unfortunately, as surveillance solutions have evolved to the IP platform, irrespective of the benefits IP delivers, these systems and devices have become part of the network, and more dangerously, part of the Internet.

Given the skills and innovation we’re seeing in the world of cybercrime, it’s no wonder then, that our cameras, NVRs, DVRs and management platforms have become a target for these criminals. It’s not that they specifically want to hack into our cameras, although that seems to be a sideline, but they want to find an easy way into our network to get at the data we have stored.

At iLEGAL 2016, Manuel Corregedor, operations manager at Wolfpack Information Risk took attendees through a brief introduction to the weaknesses of their surveillance systems. Wolfpack is a company that focuses on threat intelligence and research, training in the area of combating cybercrime as well as offering an advisory service.

Corregedor started by highlighting the threat landscape the always-on world faces today, as well as the evolution of hacking from a fun activity that did little more than irritate victims, to a major money-making racket for organised crime, to the latest state or activist means for collecting information and disrupting companies – or even whole economies.

Hack your CCTV

He then focused on CCTV cameras and their vulnerability to hacking. From home users connecting cameras to the Internet to watch their kids, or even babycams designed to keep a remote eye on babies, through to gaining access to private and public sector data via unprotected surveillance cameras, there are many reports on how people have exploited cameras for criminal purposes.

The vulnerabilities we face with cameras range from not changing the default password on cameras through to not updating camera firmware with the latest updates and countless others. These all leave companies with easy-to-exploit vulnerabilities. One need only do a Google search to find more stories than we would care to imagine.

But you don’t have to be a hacker to find vulnerable cameras. Corregedor showed two websites designed to find them for you. Hi-Tech Security Solutions will not promote these sites, but they are easy enough to find.

The first produces a list of insecure cameras from around the world. All the user does is choose a country and click on the camera he would like to watch. At the time of writing, there were 4949 cameras available for viewing in the USA, 568 in the Russian Federation, 24 in New Zealand and only 6 in South Africa. If you’re not into being a peeping Tom targeting a particular country, you can also search for cameras in specific locations, such as in kitchens or coffee houses and so forth. The cameras are located in businesses or homes, and sometimes in public spaces, creating a serious privacy problem – to say the least.

The second site promotes itself as the search engine for the Internet of Things (IoT) and allows you to search for any devices online, including surveillance cameras. It even allows you to choose pre-selected searches for cameras or industrial systems and much more. This site finds open cameras and those that are protected by passwords; you can even instruct it to find cameras that are using the default passwords. The result is the same, not only are we faced with a privacy problem, but also open doorways to networks.

People, process and technology

Corregedor went on to explain that the risks we face are a combination of technology, people and processes – as always seems to be the case. He then went on to briefly touch on the subject of how to assess your risk and formulate a plan to deal with the problems you find.

The goal is to implement effective prevention solutions, and this does not always require buying the newest and most expensive technology. Sometimes it means using what you have effectively. An important part of this is understanding that a camera is a risk, but it is part of a broader infrastructure that has different risks and vulnerabilities, and companies need to assess the whole in order to protect themselves.

For more information, contact Wolfpack Information Risk,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Patient critical – healthcare’s cybersecurity pulse
August 2019, Wolfpack Information Risk , News, Cyber Security, Healthcare (Industry)
The healthcare industry has become one of the leading cybersecurity attack vectors worldwide for several reasons.

Why rehearsals and drills for crises and evacuation are so important
August 2019, Leaderware , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
The rehearsal of concept (ROC) drill has been used extensively in the military, but is just as important when facing risks in organisations and institutions to protect people on the ground.

Milestone partners prove their skills
August 2019, Milestone Systems , News, CCTV, Surveillance & Remote Monitoring, Training & Education
Within the span of one week in mid-May, the Milestone Learning & Performance group celebrated important benchmarks: 200 000 course registrations and tutorial views, and 10 000 certifications.

ONVIF Hosts 20th Developers’ Plugfest
August 2019 , News, CCTV, Surveillance & Remote Monitoring
ONVIF, the global standardisation initiative for IP-based physical security products, hosted its twentieth ONVIF Developers’ Plugfest in early June in Tokyo.

Licence plate recognition camera
August 2019 , Products, CCTV, Surveillance & Remote Monitoring
VIVOTEK has introduced a new licence plate recognition camera featuring built-in licence plate recognition software and edge-computing capability.

Securing Savannah Hills Estate
August 2019, Rhyco Risk Projects , CCTV, Surveillance & Remote Monitoring, Perimeter Security, Alarms & Intruder Detection
Savannah Hills Estate in Midrand planned a security upgrade which was awarded to Rhyco Risk Projects. The project started in March 2019 and was completed in May 2019.

10 things to consider when shopping for a VMS
August 2019, Genetec , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Today’s video management systems (VMS) provide a wide range of tools and capabilities that help make security personnel more efficient by allowing them to focus on what really matters.

How far are we really at with artificial intelligence?
August 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Residential Estate (Industry)
Justin Ludik unpacks exactly how far AI has come and what it potentially can do for society and more importantly, surveillance.

Enhancing security with AI
August 2019, Hikvision South Africa , CCTV, Surveillance & Remote Monitoring
Hikvision explains how residential estates can revolutionise their security strategies and outcomes with artificial intelligence.

More than simply a camera
August 2019, Forbatt SA, Secutel Technologies , CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
With the human element being the weakest link in all security solutions, Hi-Tech Security Solutions looks at the pros and cons of using body-worn cameras in estates.