Cyber security has been a hot topic in the news lately. With all the recent IoT hacks, it's no wonder people are worried about their online security. One area that can often be overlooked in Internet-connected devices is IP cameras. Let's take a look at how security cameras can be compromised and how you can protect yourself.
Are my security cameras at risk?
Security cameras are an attractive target for cybercriminals for the following reasons:
- They have a constant internet connection, so they are accessible to hackers. Other smart home devices like smart lights, switches, and locks are also at risk.
- They lack oversight and are often overlooked in network security management.
- They will likely be connected to high-speed connections to support live streaming over the Internet.
Investment in hacking is low. Once discovered, the vulnerability can be used against thousands of other cameras from the same manufacturer.
In 2016, the Mirai botnet took down some of the world's largest websites by infecting IoT devices such as security cameras and routers. The botnet could take control of these devices because they used default or easy-to-guess passwords. But hackers checking botnet attacks aren't trying to view the footage; they want to use the camera's processor to perform denial-of-service attacks or collect data from unsuspecting users.
Security cameras as another processor
The processors in IP cameras are not overly powerful, making them less attractive targets for attackers than a powerful web server. However, they are easily exploitable using outdated firmware or easily guessable passwords.
It's important to remember that security cameras are just another type of computer. They are subject to the same risks as any other connected device, so they need to be properly secured to protect your data and privacy. They can also be used as a starting point inside the network for a more serious attack.
There is the famous "Fishgate" attack, where a hacker managed to gain access to a casino's network by compromising an IoT-connected thermostat inside an aquarium. From there, the hackers could access the rest of the network and possibly access the database of top customers. While this may seem far-fetched, it highlights the importance of proper security for all types of IoT devices.
Security camera brands
Security camera manufacturers are under pressure to bring products to market quickly, which often results in security being an afterthought. On the other hand, customers look at specifications, prices, and reviews but rarely concern themselves with product safety. This is especially true for small businesses and home users who are not as concerned with cybersecurity. They just want a camera that can do it and are not afraid of the potential risks.
It is difficult to trust specific brands of security cameras because only a handful of manufacturers make cameras for thousands of other brands.
In 2021, Hikvision products (one of the world's largest IP camera providers) were found to have command injection vulnerabilities. While the vulnerability made news and a patch has since been released, Hikvision is an original equipment manufacturer (OEM) for hundreds of other brands. These brands include Annke, EZVIS, Hyundai, and LTS, which could also be at risk of Hikvision abuse. Customers who own any of these brands' products may not be aware that they are affected by the Hikvision vulnerability, leaving their cameras vulnerable.
When it comes to security cameras, there are a few things you can do to reduce your risk:
Ensure the camera is configured correctly and all default passwords have been changed.
Ensure your camera is running the latest firmware and that security patches are applied promptly.
Consider using a VPN or other secure connection to remotely access your camera footage instead of exposing the NVR to the Internet.
Following these tips can help keep your data safe and reduce the risk of being hacked. However, it is important to remember that no system is 100% secure and there are always risks associated with using any type of connected device.