Cybersecurity is a hot topic in the news lately. With all of the recent IoT hacks, it’s no wonder that people are concerned about their online security. One area that can often be overlooked in internet-connected devices is IP cameras. Let’s take a look at how security cameras can be at risk, and the ways you can protect yourself.
Are My Security Cameras at Risk?
Security cameras are an attractive target for cybercriminals for the following reasons:
- They have constant connectivity to the internet, keeping them accessible to hackers.
- They lack supervision and are often overlooked when managing a network’s security.
- They are likely to be connected to high bandwidth connections to support live streaming over the internet.
- The hacking investment is low. Once a vulnerability has been discovered, the vulnerability can be used against thousands of other cameras from the same manufacturer.
In 2016, the Mirai botnet took down some of the biggest websites in the world by infecting IoT devices like security cameras and routers. The botnet was able to take control of these devices because they were using default or easy to guess passwords. But the hackers controlling the botnet attacks aren’t trying to view the footage; they want to use the camera’s processor to carry out denial-of-service attacks or collect data from unsuspecting users.
Security Cameras As Another Processor
The processors in IP cameras are not overly powerful, which makes them less attractive targets for attackers than a powerful webserver. However, they are easily exploited with outdated firmware or easy to guess passwords.
It’s important to remember that security cameras are just another type of computer. They are subject to the same risks as any other connected device, so they need to be secured appropriately to protect your data and privacy. They can also be used as a jumping-off point inside a network for a more severe attack.
There is the famous “Fishgate” attack, where a hacker was able to gain access to a casino’s network by compromising an IoT-connected thermostat inside a fish tank. From there, the hackers could access the rest of the network and eventually access the database of high roller customers. While this may seem like a far-fetched scenario, it highlights the importance of proper security for all types of IoT devices.
Security Camera Brands
Security camera manufacturers have pressure to push products to market quickly, which often leads to security being an afterthought. On the other side, customers look at specifications, price points, and reviews, but rarely consider the security of the product. This is especially true for small businesses and home users who are not as concerned with cybersecurity. They just want a camera that will do the job, and they are not worried about the potential risks.
It is challenging to trust specific security camera brands as only a handful of manufacturers make cameras for thousands of other brands.
In 2021, it was discovered that Hikvision products (one of the world’s largest providers of IP cameras) had a command injection vulnerability. While this vulnerability made news and a patch has since been released, Hikvision is the Original Equipment Manufacturer (OEM) for hundreds of other brands. These brands include Annke, EZVIS, Hyundai, and LTS, who could also be vulnerable to the Hikvision exploit. Customers who own one of these brands’ products may be unaware that the Hikvision vulnerability applied to them and leave their cameras vulnerable.
When it comes to security cameras, there are a few things you can do to reduce your risk:
- Ensure your camera is properly configured and all default passwords have been changed.
- Ensure that your camera is running the latest firmware and that security patches are applied in a timely manner.
- Consider using a VPN or other secure connection when accessing your camera’s footage remotely, rather than exposing the Network Video Recorder to the internet.
By following these tips, you can help to keep your data safe and reduce the risk of being hacked. However, it’s important to remember that no system is 100 percent secure, and there are always risks associated with using any type of connected device.