Cybersecurity is a hot topic in the news lately. With all the recent IoT hacks, it’s no wonder people are concerned about their online security. One area that can often be overlooked in internet-connected devices is that of IP cameras. Let’s see how security cameras can be risky and how you can protect yourself.
Are my security cameras in danger?
Security cameras are an attractive target for cybercriminals for the following reasons:
- They have constant connectivity to the Internet, which makes them accessible to hackers.
- They lack oversight and are often overlooked when managing network security.
- They are likely to be connected to high-bandwidth connections to support live streaming over the Internet.
- The investment in hacking is low. Once a vulnerability has been discovered, the vulnerability can be used against thousands of other cameras from the same manufacturer.
In 2016, the Mirai botnet took down some of the world’s largest websites by infecting IoT devices such as security cameras and routers. The botnet was able to take control of these devices because they used default or easy-to-guess passwords. But hackers controlling botnet attacks do not try to view the images; they want to use the camera’s processor to carry out denial of service attacks or collect data from unsuspecting users.
Security cameras as another processor
IP camera processors aren’t too powerful, making them less attractive targets for attackers than a powerful web server. However, they are easily exploitable with outdated firmware or easily guessed passwords.
It’s important to remember that security cameras are just another type of computer. They are subject to the same risks as any other connected device, so they must be appropriately secured to protect your data and privacy. They can also be used as a starting point inside a network for a more severe attack.
There’s the famous “Fishgate” attack, where a hacker gained access to a casino’s network by compromising an IoT-connected thermostat inside an aquarium. From there, hackers could gain access to the rest of the network and possibly gain access to the database of high roller clients. While this may sound like a far-fetched scenario, it highlights the importance of proper security for all types of IoT devices.
Security Camera Brands
Security camera manufacturers are under pressure to get their products to market quickly, which often leads to security being an afterthought. On the other side, customers look at specs, prices, and reviews, but rarely consider product safety. This is especially true for small businesses and home users who aren’t as concerned about cybersecurity. They just want a camera that will do the job, and they don’t worry about the potential risks.
It’s hard to trust specific security camera brands because only a few manufacturers make cameras for thousands of other brands.
In 2021, Hikvision (one of the world’s largest IP camera vendors) products were discovered to have a command injection vulnerability. Although this vulnerability made news and a fix has since been released, Hikvision is the original equipment manufacturer (OEM) for hundreds of other brands. These brands include Annke, EZVIS, Hyundai, and LTS, which could also be vulnerable to the Hikvision exploit. Customers who own any of these brands’ products may be unaware that the Hikvision vulnerability applies to them and leave their cameras vulnerable.
To protect yourself
When it comes to security cameras, there are a few things you can do to reduce your risk:
- Make sure your camera is set up correctly and all default passwords have been changed.
- Make sure your camera is running the latest firmware and security patches are applied in a timely manner.
- Consider using a VPN or other secure connection when accessing your camera footage remotely, rather than exposing the NVR to the internet.
By following these tips, you can help protect your data and reduce the risk of hacking. However, it is important to remember that no system is 100% secure and there are always risks associated with using any type of connected device.