Securing your security systems

CCTV Handbook 2016 Surveillance, Information Security

We install surveillance cameras and related physical security systems to protect ourselves, our assets and our people. Unfortunately, as surveillance solutions have evolved to the IP platform, irrespective of the benefits IP delivers, these systems and devices have become part of the network, and more dangerously, part of the Internet.

Given the skills and innovation we’re seeing in the world of cybercrime, it’s no wonder then, that our cameras, NVRs, DVRs and management platforms have become a target for these criminals. It’s not that they specifically want to hack into our cameras, although that seems to be a sideline, but they want to find an easy way into our network to get at the data we have stored.

At iLEGAL 2016, Manuel Corregedor, operations manager at Wolfpack Information Risk took attendees through a brief introduction to the weaknesses of their surveillance systems. Wolfpack is a company that focuses on threat intelligence and research, training in the area of combating cybercrime as well as offering an advisory service.

Corregedor started by highlighting the threat landscape the always-on world faces today, as well as the evolution of hacking from a fun activity that did little more than irritate victims, to a major money-making racket for organised crime, to the latest state or activist means for collecting information and disrupting companies – or even whole economies.

Hack your CCTV

He then focused on CCTV cameras and their vulnerability to hacking. From home users connecting cameras to the Internet to watch their kids, or even babycams designed to keep a remote eye on babies, through to gaining access to private and public sector data via unprotected surveillance cameras, there are many reports on how people have exploited cameras for criminal purposes.

The vulnerabilities we face with cameras range from not changing the default password on cameras through to not updating camera firmware with the latest updates and countless others. These all leave companies with easy-to-exploit vulnerabilities. One need only do a Google search to find more stories than we would care to imagine.

But you don’t have to be a hacker to find vulnerable cameras. Corregedor showed two websites designed to find them for you. Hi-Tech Security Solutions will not promote these sites, but they are easy enough to find.

The first produces a list of insecure cameras from around the world. All the user does is choose a country and click on the camera he would like to watch. At the time of writing, there were 4949 cameras available for viewing in the USA, 568 in the Russian Federation, 24 in New Zealand and only 6 in South Africa. If you’re not into being a peeping Tom targeting a particular country, you can also search for cameras in specific locations, such as in kitchens or coffee houses and so forth. The cameras are located in businesses or homes, and sometimes in public spaces, creating a serious privacy problem – to say the least.

The second site promotes itself as the search engine for the Internet of Things (IoT) and allows you to search for any devices online, including surveillance cameras. It even allows you to choose pre-selected searches for cameras or industrial systems and much more. This site finds open cameras and those that are protected by passwords; you can even instruct it to find cameras that are using the default passwords. The result is the same, not only are we faced with a privacy problem, but also open doorways to networks.

People, process and technology

Corregedor went on to explain that the risks we face are a combination of technology, people and processes – as always seems to be the case. He then went on to briefly touch on the subject of how to assess your risk and formulate a plan to deal with the problems you find.

The goal is to implement effective prevention solutions, and this does not always require buying the newest and most expensive technology. Sometimes it means using what you have effectively. An important part of this is understanding that a camera is a risk, but it is part of a broader infrastructure that has different risks and vulnerabilities, and companies need to assess the whole in order to protect themselves.

For more information, contact Wolfpack Information Risk, [email protected], www.wolfpackrisk.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Safer spaces through smart surveillance
NEC XON Surveillance
Advances in facial recognition technology are transforming surveillance from a mere recording tool into an intelligent, integrated system that enhances real-time safety, moving beyond the traditional expansion of CCTV efforts.

Read more...
Next generation of AI-powered video telematics
IoT & Automation Surveillance Transport (Industry)
Webfleet, Bridgestone’s fleet management solution in South Africa, has launched Webfleet Video 2.0, an AI-powered solution designed to enhance fleet safety, security, compliance with local regulations and operational efficiency through real-time video insights.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
Smart cities and the role of video security
Surveillance Integrated Solutions
As cities around the world continue to embrace smart technology, including IoT that not only connects to people, but also the surrounding activity, the integration of advanced video security systems is crucial to ensure safety and efficiency in environments.

Read more...
How intrusion protection helps secure O&G operations
Surveillance Perimeter Security, Alarms & Intruder Detection Industrial (Industry)
For O&G operators in Africa, physical security remains one of the biggest considerations, particularly when it comes to perimeter protection and the ability to mitigate intruder-related incidents.

Read more...
Axis secures the Waterfront
Surveillance Entertainment and Hospitality (Industry) Retail (Industry)
Axis Communications shares insight into its longstanding partnership with the V&A Waterfront, one of Africa’s premier retail and mixed-use precincts, through its latest, updated customer success story.

Read more...
Advanced surveillance storage from ASBIS
Infrastructure Surveillance Products & Solutions
From a video storage solutions perspective, SkyHawk drives, designed for DVRs and NVRs, offer high capacity, optimised firmware, and a reliability workload rating of hundreds of terabytes per year.

Read more...
Open and collaborative logistics systems
Hikvision South Africa Surveillance Logistics (Industry) AI & Data Analytics
E-commerce and other high-volume logistics operations need open and collaborative technology ecosystems that drive efficiencies, throughput and digital transformation. Hikvision discusses the benefits of harnessing open and collaborative systems in the logistics market.

Read more...
4K HDR camera for mobility
Surveillance Transport (Industry)
e-con Systems has introduced a 4K HDR front-view camera, engineered to deliver reliable, long-range imaging for mobility applications such as delivery robots, autonomous vehicles, and off-road vehicles.

Read more...