| The Source for Video Surveillance | See Plans and Prices - IP Video Pro Service |
Is Hacking IP Cameras A Major Risk?
by John Honovich, IP Video Market Info posted on Aug 03, 2009 About John Contact John
Fears are rising that IP cameras can and willl be hacked. At Defcon, a demonstration showed an IP camera's feed intercepted and replaced by a fraudulent video, allowing a hypothetical suspect to steal an object right in front of the surveillance camera; thus bringing Hollywood to 'real life.'
What Do You Think?
Demo of the Hack
Here's a demo of the hack (the theft occurs at the end of the clip). Note the company that does the hack sells software to prevent it.
Bigger Risks Routinely Accepted
As titilating as this demo may be, there are far bigger risks that most real-world security organizations accept every day, such as:
- Most security cameras are not watched live. For all those cameras, there's no need for any fancy hacks. Just walk on in. On the way out, find the recorder and take it with you.
- When security cameras fail, almost no one responds immediately. At best, a trouble ticket or call is opened and the camera is checked in the next few business days. If the cameras are being monitored live, simply shut down the recorder or the power to the recorder/cameras. Most operations will see this as a nuisance but will not shut down the building (casinos, as always, the exception).
Difficulty to Do in a Real Environment
It's one thing to do this in a demo, it's far harder to pull this off in a real environment. Let's say you are one of the very few organizations who both watches cameras live and takes immediate action to cameras going out. The attacker would still need to:
- Get access to the internal LAN of the target organization.
- Pull this hack off against many cameras. These types of organizations are going to have dense camera coverage, which means 3, 5, 10 or more cameras need to be commandeered.
- The attacker will also have to figure out where these cameras are - which generally is not easy. Steal the CAD drawings? Hack in to the VMS system to see the layout? Certainly theoretically possible but not easy to do.
- The demo presumes the use of standard signaling protocols and CODECs. IP video surveillance is famous for its lack of standards. The attacker will have to know which proprietary interface each camera uses and have solutions for each variety. Good luck.
If the attacker is this cunning, intelligent and determined, wouldn't there be higher value targets? Steal critical information, access financial accounts, etc. Or do this legally by becoming a quant at an investment bank?
Security Theatre
This type of attack is security theater - the type of risk that sounds exciting and threatening but is simultaneously unrealistic and ignores more fundamental risks that should be addressed. Maybe maximum level security operations should examine this but I suspect even they have more basic flaws in their video surveillance that need to be addressed first.
Most Recent Industry Reports
Testing Cisco-Linksys Switch for IP Video (SRW208P) on Sep 01, 2010
Switch selection for IP video surveillance is a key consideration in overall design. Unfortunately, it is often less scrutinized than the 'stars' of the solution (i.e., VMS and cameras). Moreo...
Testing Milestone GO VMS (Free 8 Ch) on Aug 29, 2010
Milestone's aggressive moves targeting the smaller video surveillance systems continue. This month's release of a free 8 channel VMS, called XProtect Go, adds to their June 2010 release that droppe...
Testing the iCam VMS / iPhone App on Aug 29, 2010
Home video surveillance systems are quickly getting a lot better and a lot cheaper. A good example of this is an application called iCam that has recently been in the news for helping a homeowner d...
Training: VSaaS Hosted/Managed Basics on Aug 22, 2010
This hour long training explains the basics behind Video Surveillance as a Service (VSaaS). If you want to learn about the most talked about emerging trend in the industry, this is an ideal place t...
Training: Megapixel / HD Basics on Aug 18, 2010
This report provides a 95 minute video series that teaches the fundamentals of using, selecting and applying megapixel video surveillance in real world deployments. We cover 9 fundamental aspects: ...
Real World CCTV / Surveillance Success on Aug 16, 2010
In this report, we find, review and share 50+ real world success stories using video surveillance. These are actual documented examples where crimes, murders, thefts and more have been recorded and...
Testing Archerfish Solo Smart Camera / DVR / VSaas (Cernium) on Aug 09, 2010
Combining many video surveillance functionalities in a single device is a growing trend. The hope is providing a turn-key, 'all-in-one' solution simplifies deployment and provides everything one ne...
Directory of Budget / Home / SMB IP Cameras on Aug 07, 2010
We have completed a broad testing program of budget IP cameras for use in the home or SMB markets. This directory provides links to each test. Full test results including video screencasts and vid...
Testing Rogo's Managed VSaaS on Aug 04, 2010
Managed / hosted video offerings continue to expand with a variety of technical and business approaches. In this test, we examine Rogo's Managed Video offering. The system uses an on-site recordin...
Testing Lorex's IP Camera (LNE1001) on Aug 03, 2010
Simplifying remote viewing is a key element in choosing and using IP cameras for home and small business users. Doing it the 'old fashion' way can require technical skill, be cumbersome and frustra...
Topics Monitored
| Topic |
|---|
| Case Studies |
| Convergence |
| Financials |
| Hosted/Managed Video |
| IP Cameras |
| Megapixel Cameras |
| Retail |
| Standards |
| Statistics |
| Storage |
| Video Analytics |
| Video Management Systems |
| Wireless |
81 Companies Monitored
Find:
Find: