Visible to the public Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations

TitleSecurity of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations
Publication TypeConference Paper
Year of Publication2016
AuthorsCostin, Andrei
Conference NameProceedings of the 6th International Workshop on Trustworthy Embedded Devices
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4567-5
Keywordsattacks, CCTV, covert channels, defenses, embedded devices, Embedded systems, Human Behavior, human factors, insecam, insecurity, Internet of Things, IoT, IPcam, Metrics, mitigations, novel attacks, novel covert channels, pubcrawl, Resiliency, security, shodan, survey, threats, video surveillance, video surveillance systems, vulnerabilities

Video surveillance, closed-circuit TV and IP-camera systems became virtually omnipresent and indispensable for many organizations, businesses, and users. Their main purpose is to provide physical security, increase safety, and prevent crime. They also became increasingly complex, comprising many communication means, embedded hardware and non-trivial firmware. However, most research to date focused mainly on the privacy aspects of such systems, and did not fully address their issues related to cyber-security in general, and visual layer (i.e., imagery semantics) attacks in particular. In this paper, we conduct a systematic review of existing and novel threats in video surveillance, closed-circuit TV and IP-camera systems based on publicly available data. The insights can then be used to better understand and identify the security and the privacy risks associated with the development, deployment and use of these systems. We study existing and novel threats, along with their existing or possible countermeasures, and summarize this knowledge into a comprehensive table that can be used in a practical way as a security checklist when assessing cyber-security level of existing or new CCTV designs and deployments. We also provide a set of recommendations and mitigations that can help improve the security and privacy levels provided by the hardware, the firmware, the network communications and the operation of video surveillance systems. We hope the findings in this paper will provide a valuable knowledge of the threat landscape that such systems are exposed to, as well as promote further research and widen the scope of this field beyond its current boundaries.

Citation Keycostin_security_2016