Protect Your Video Surveillance (CCTV) System from Cyber Attacks

In the category of “if I had a nickel for every time …”, camera and video system vulnerabilities would rank right at the top. Nearly every time we are requested to assess an existing video surveillance system, it amazes us (especially in this day and age) how many times we find these vulnerabilities.

It goes without saying that protecting your cameras and video system is absolutely critical – even more so if the devices reside on the same network as your business data.

Most Prevalent Camera and Video System Vulnerabilities

Default Camera Passwords– Each IP camera has a simple default password when shipped. Upon installation, these need to be changed to a much more rigorous password to avoid easy entry by hackers. There is a published list on the Internet of camera default passwords making it incredibly easy to obtain this info. Think of each camera as a critical computer device and apply the same diligence to setting camera passwords.

Opening a Port to your Network – Remote video is a “hot” thing for good reason. Having access to your security cameras from anywhere at any time is very valuable. However, in most video management systems (VMS), this requires creating a doorway into your network to access the video streams.  This creates an opportunity for exploitation and exposes the network to unwanted entry. Fortunately, there are advanced VMS currently available to eliminate the need for inbound communication requests. Furthermore, these systems require multiple levels of authentication by the remote users.’

Older and Unpatched Versions of Firmware and Software – In the past two years, according to IPVM (leading independent information source for video surveillance), there have been 35 published video surveillance vulnerabilities and exploits to manufacturer’s hardware and software. Unfortunately, no manufacturer is unscathed, even our favorites (Axis, Pelco, and Sony). The two major Chinese based manufacturers (Hikvision and Dahua) have had the most vulnerabilities discovered during this period. Once discovered, manufacturers typically fix these vulnerabilities quickly and provide a patch version of firmware or software. Too often, the patches are never deployed by the users or system owners.

Typical Impacts of CCTV System Vulnerability

What can happen if a vulnerability is exploited? Multiple cases of the following have and continue to occur.

• One of the more common things is that camera settings are changed or disabled resulting in loss of important video data or the usefulness of the camera when the recorded files become corrupted or the camera configurations are tampered with.
• Hackers will access live or recorded images for the area of protection and exploit or expose this to the public view, sometimes to the embarrassment of the system owner.
• Compromised cameras are used to steal usernames and passwords to other systems on the network, gain elevated privileges and stage their attack on the main target.
• Sometimes, a large number of compromised cameras can be the launching pad for a Denial of Service attack.
• Malware/bots can be inserted into the cameras or the VMS software.
• Remote access to an unsecured VMS opens both remote user and the company network to a Man-in-the-Middle attack providing an imposter to gain access to the remote workstation or the company network.

Five Things to Do to Protect Your Video Surveillance System

There are more than five things that can be done, but in the spirit of doing a few good things well, we recommend starting with the following as a minimum.

1. Change default passwords prior to installation on your network.  If already installed, schedule this as soon as you can and then periodically change the camera and video system passwords.
2. Update your systems with the latest software at least once per year and whenever a patch for a specific vulnerability is released by the manufacturer.
3. Deploy camera and video system health monitoring (or work with a reputable 3rd party to do so). Most new systems provide system health monitoring tools. The cameras are your security eyes (and ears in some cases). Who is monitoring the cameras and video system to ensure it is functioning properly and not being attacked?
4. Turn off or disable unused camera services.  Cameras are often shipped with all of the features and functions turned on by default.
5. If you’re allowing remote access to the VMS, use SSL encrypted traffic, RTSP/HTTPS or other secure communication methods that make sense for your situation.  Not all VMS owners/users have access to IT departments, but you do have access to someone that can help.

TSG Security places cybersecurity as one of the must-haves when integrating security systems. Contact us to learn more about protecting your CCTV system.

Authored by Robert Cordeiro, Technical Director at TSG Security