Is Hacking IP Cameras A Major Risk?by John Honovich, IPVM posted on Aug 02, 2009 About John Contact John
Fears are rising that IP cameras can and willl be hacked. At Defcon, a demonstration showed an IP camera's feed intercepted and replaced by a fraudulent video, allowing a hypothetical suspect to steal an object right in front of the surveillance camera; thus bringing Hollywood to 'real life.'
What Do You Think?
Demo of the Hack
Here's a demo of the hack (the theft occurs at the end of the clip). Note the company that does the hack sells software to prevent it.
Bigger Risks Routinely Accepted
As titilating as this demo may be, there are far bigger risks that most real-world security organizations accept every day, such as:
- Most security cameras are not watched live. For all those cameras, there's no need for any fancy hacks. Just walk on in. On the way out, find the recorder and take it with you.
- When security cameras fail, almost no one responds immediately. At best, a trouble ticket or call is opened and the camera is checked in the next few business days. If the cameras are being monitored live, simply shut down the recorder or the power to the recorder/cameras. Most operations will see this as a nuisance but will not shut down the building (casinos, as always, the exception).
- Get access to the internal LAN of the target organization.
- Pull this hack off against many cameras. These types of organizations are going to have dense camera coverage, which means 3, 5, 10 or more cameras need to be commandeered.
- The attacker will also have to figure out where these cameras are - which generally is not easy. Steal the CAD drawings? Hack in to the VMS system to see the layout? Certainly theoretically possible but not easy to do.
- The demo presumes the use of standard signaling protocols and CODECs. IP video surveillance is famous for its lack of standards. The attacker will have to know which proprietary interface each camera uses and have solutions for each variety. Good luck.
Most Recent Industry Reports
Testing the Resolution of the Human Eye on Dec 04, 2013
All sorts of wild guesses and theoretical calculations exist about what the resolution of the human eye is, with 576MP a common claim. No one we can find has ever actually tested it . . . until no...
Hikvision Cameras Tested on Dec 02, 2013
Hikvision claims to be the #1 surveillance manufacturer in the world. That's, well, debatable. What's not in dispute is that they have become huge, fueled by the massive Chinese market, with ...
Testing New Dropcam Pro Camera on Nov 25, 2013
VSaaS, overall, has been a disaster with nearly every provider, including gorilla Axis, struggling to make it big. The one clear exception has been Dropcam. It's end to end solution, targeted for ...
Bosch Flexidome Micro Shootout on Nov 22, 2013
Minidomes are very popular, likely the most popular of all IP camera form factors, due to their relative low cost and small size. Earlier this year, we tested 3 Axis M30 minidomes. Now, we are test...
10MP vs 5MP vs HD Shootout on Nov 20, 2013
HD cameras are commonplace. Everyone offers 1080p. The big question now is how much better is 5MP or 10MP? Is a 10MP camera 5 times better than 1080p as pixel count proponents claim? In this repor...
VMS Mobile Apps Guide on Nov 19, 2013
Every VMS supplier has mobile app clients now, even if many are still not using them. However, significant differences can exist across VMS implementations. In this guide, we review 15 key feature...
Samsung Wisenet III Camera Shootout on Nov 18, 2013
Samsung has never been a serious player in IP cameras, despite their success in other markets. Now, Samsung is pushing their Wisenet III release as their breakthrough offering. Is it really? We b...
Camera Selection Guide on Nov 14, 2013
Entrances, hallways, rooms and parking lots are perhaps the 4 most common areas where surveillance is deployed. But what is the best type of camera for each? What resolution, form factors and FoV a...
Winners & Losers Fall 2013 on Nov 04, 2013
New product releases were terrible this fall. The biggest news was the debatable entry of Axis and Milestone into access control. But the biggest gains might be for Chinese manufacturers who are an...
Testing Geovision Mini IR Camera on Nov 01, 2013
Integrated IR continues to be a growing trend, moving into cameras at both the high and low ends of the spectrum. One new model from Geovision, the 1.3MP GV-UBX1301 claims 10m illumination ran...