Cybersecurity Snapshots #11 - Are Security Cameras Vulnerable to Cyberattacks?

Cybersecurity Snapshots #11 -

Are Security Cameras Vulnerable to Cyberattacks?

The use of security cameras in both personal and commercial applications has continued to grow and have become an attractive target for hackers. While users acknowledge that cybersecurity related to security cameras needs to be taken very seriously, currently many security cameras have vulnerabilities which could allow adversaries to spy on victims, gain access to video recordings to sell, and possibly gain access to other devices on the same network.

Researchers at Genetec Inc. conducted a study that found 7 out of 10 security cameras are currently running out-of-date firmware. Over half of the security cameras with out-of-date firmware (53.9 percent) contained known cybersecurity vulnerabilities. Genetec's lead security researcher stated that nearly 4 out of every 10 security cameras are vulnerable to a cyber-attack. The researchers also discovered that 1 in 4 organizations fail to use unique passwords for their security cameras and instead rely on the same password across all cameras, leaving an easy point of entry for hackers once only one camera has been compromised.

Individuals and organizations should keep security cameras firmware up to date because it is a crucial step in ensuring that their security cameras are resilient against cyberattacks. Constantly updating the security cameras firmware ensures that the latest cybersecurity protection measures are implemented as soon as they become available. Individuals and organizations should change the default password of security cameras they receive to strong, hard-to-guess passwords. Each camera should have its own password, and should employ two-factor authentication if possible. That way, if an adversary does have your password to access the security cameras, it is less likely they will access them successfully. If you get an alert that someone has tried to access your security cameras and it was not you, then change your passwords immediately.

Recently, researchers at a company called Which? discovered that around 3.5 million security cameras installed in homes and offices predominantly in Asia and Europe , but can also be found around the world, have serious vulnerabilities that could allow an adversary to spy on victims, steal their data, or target other devices on the same networks. Brands with potentially vulnerable cameras include Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT, and Tenvis. The researchers stated that any wireless camera using the CamHi app and sporting a certain type of Unique Identification Number (UID) could be susceptible to a hack. About 700,000 of the cameras stated above are in use in Europe, including 100,000 in the UK. Recently an unnamed hacker group gained access to over 50,000 home security cameras and stole victims' private footage to post on their discord server. Discord servers are topic-based channels where one can collaborate and share information with anyone who is in the same discord channel.

Security researchers at Internet of Things security firm Dojo by Bullguard discovered a way to successfully exploit a security vulnerability in Amazon Ring video doorbell that, if exploited, could leave audio and video transmission exposed to third-party attacks. To exploit the vulnerability, the adversary would have to gain access to a victim's Wi-Fi network. The ring owner would also have to be connected to the same network. Once connected, the attacker can see audio and video as transmitted from the Ring video doorbell to the Ring application used by the owner. That footage is unencrypted when transmitted, making it easy to intercept once a hacker has gained access. The adversaries could use the video and audio to spy on the homeowners. The adversaries could also inject their own footage, which could be used to trick a homeowner into unlocking their door remotely. Amazon has been made aware of the issue and has issued an update to its Ring app to address the vulnerability.

Researchers at Strategy Analytics predict that smart home surveillance cameras will grow from a 7.0 billion market in 2018 to a 9.7 billion dollar market in 2023. They also forecast that sales of smart home surveillance cameras will more than double over this period, from 54 million in 2018 to 120 million in 2023. Due to the continual increase in the use of surveillance cameras in the future, it will be even more important to make sure they are not vulnerable to cyberattacks.