Let’s Mitigate the Cyber Treats in Video Surveillance

2016 will be remembered as a year in which the physical security industry’s got backfired with their apathy towards cybersecurity with a massive distributed denial of service (DDoS) attack caused outages of influential websites like Amazon and Twitter. If you are familiar with the “Mirai Virus”, you may have a clue on what I am talking about. Mirai is a self-propagating botnet virus, which enters a camera by logging in using one of 61 default or common weak passwords that are capable of flooding any site on the web while still acting like a normal camera. It is estimated as 100,000 devices were hijacked by hackers, including network security cameras in this very incident. Got your attention now? Welcome to today’s focus, “Video Surveillance Cybersecurity”.

What are the Potential Vulnerabilities of Your Video Surveillance System?

A collection of equipment and software that provides security and safety can simply mention as a physical security system. CCTV (Closed-circuit television) surveillance, access control, perimeter intrusion detection, deterrent systems kind of systems are some instances for these Physical Security Systems. “Are you saying that even these security systems can make us vulnerable?” There’s no wonder if this comes to your mind eventually. Well, let’s take CCTV which is a video surveillance system as an example. Back in the days, these CCTV cameras were separate from the Local Area Networks (LAN) and the Internet, using direct connections via coaxial cable to send data directly to a recorder. The systems were isolated and should only be worried about some activities like the equipment destruction, unauthorized deleting or copying of recorded data.

In such a scenario, cybersecurity was considered as a minimum requirement. But nowadays the video surveillance systems have evolved into IP-based equipment. Bots can infiltrate unprotected computers and then use the computing power of their ‘hosts’ to carry out miscellaneous cyber-attacks on other Internet targets. In the Mirai attack mentioned above, many bogus requests were made by an army of bots and the web sites became overwhelmed by the volume of traffic and could not respond to legitimate requests with that DDoS attack. Those attacking bots were hosted by IP-enabled cameras and digital video recorders (DVRs) and can find out easily using a search engine for Internet-connected devices like Shodan. A hacker can find many potentially vulnerable IoT devices to hack into with this simple tool, especially when using default passwords and guessable passwords.

Precautions to Protect Your Video Surveillance System

Maintaining cybersecurity across all devices is really challenging. Therefore, you should follow two simple steps in approaching cybersecurity in your video surveillance systems. First is awareness of potential vulnerabilities, threats and issues and the second is mitigating the risk by taking the necessary steps to patch the potential issue before it turns into a serious threat. But what are the solutions that might cover these steps up?

• Change your default username and password

Start closing the doors for the hackers by changing your default username and the password of the video surveillance system. Try out a strong password that is hard to guess that has at least 6 characters including numbers, symbols, both uppercase and lowercase letters. Avoid using commonly used predictable passwords.

 

• Update camera firmware regularly

You should make sure that your surveillance system’s firmware is up-to-date which prevent hackers from exploiting vulnerabilities and bugs that are already patched by manufacturers in a new firmware update.

 

• Use two-factor authentication

Sophisticated cyber attackers are capable of testing billions of passwords every second. With two-factor authentication on, the device manufacturer will send you a randomly generated passcode via text message or phone call, in addition to username and password, during each log in. But it is applicable only if the manufacturer features the two-factor authentication.

 

• Prevent devices from sending information to third party

The firmware of most cameras is programmed to keep connected with the manufacturer’s server without knowledge of the end-user which could result in footage leak to a third party or a hacker attack. In order to avoid this, we can use statically assigned IP addresses and assign a DNS server which is locked down to your addresses only.

 

• Isolate your video surveillance system

Never mess up your video surveillance system with the corporate network with all of the other PCs and Workstations. Isolate them with a Virtual LAN (VLAN). The only thing that should be able to talk to them is the Video Management System (VMS).

 

• Be conscious about traffic spikes

Monitoring dual-homed systems for bandwidth spikes can make a hack resulting in the leakage of confidential data. There are numerous traffic monitoring tools available to private and corporate users that can manage and sniff the network or monitor them.

 

Cutting the Long Story Short

No one is immune to cybersecurity threats. If you haven’t been a target, the fact is that you just haven’t been a target “yet”. Thus, ensuring the cybersecurity of video surveillance systems should be taken in a very serious way. Otherwise, you will leave the door for hackers wide open and have to live with those vulnerabilities.

 References

• http://www.securitysa.com/9032r

• https://www.sourcesecurity.com/insights/cybersecurity-role-video-surveillance-co-1536324138-ga-sb.1556023552.html

• https://www.milestonesys.com/globalassets/marketplace/uploaded-assets/0012000000ovtqdaak/razberi_cyber_security_whitepaper.pdf

• https://www.sourcesecurity.com/insights/prevent-surveillance-camera-system-hacked-co-1568197656-ga.1599043945.html

• https://leater.com/en/services/video-surveillance.html