
Is Hacking IP Cameras A Major Risk?

by John Honovich, IPVM, posted on Aug 02, 2009

Fears are rising that IP cameras can and will be hacked. At Defcon, a demonstration showed an IP camera's feed intercepted and replaced by a fraudulent video, allowing a hypothetical suspect to steal an object right in front of the surveillance camera, thus bringing Hollywood to 'real life.'


Demo of the Hack

Here's a demo of the hack (the theft occurs at the end of the clip). Note that the company that does the hack sells software to prevent it.

Bigger Risks Routinely Accepted

As titillating as this demo may be, there are far bigger risks that most real-world security organizations accept every day, such as:

  • Most security cameras are not watched live. For all those cameras, there's no need for any fancy hacks. Just walk on in. On the way out, find the recorder and take it with you.
  • When security cameras fail, almost no one responds immediately. At best, a trouble ticket or call is opened and the camera is checked in the next few business days. If the cameras are being monitored live, simply shut down the recorder or the power to the recorder/cameras. Most operations will see this as a nuisance but will not shut down the building (casinos, as always, are the exception).

Difficult to Do in a Real Environment

It's one thing to do this in a demo; it's far harder to pull this off in a real environment. Let's say you are one of the very few organizations that both watch cameras live and take immediate action when cameras go out. The attacker would still need to:
  • Get access to the internal LAN of the target organization.
  • Pull this hack off against many cameras. These types of organizations are going to have dense camera coverage, which means 3, 5, 10 or more cameras need to be commandeered.
  • Figure out where these cameras are - which generally is not easy. Steal the CAD drawings? Hack into the VMS system to see the layout? Certainly theoretically possible but not easy to do.
  • The demo presumes the use of standard signaling protocols and CODECs. IP video surveillance is famous for its lack of standards. The attacker will have to know which proprietary interface each camera uses and have solutions for each variety. Good luck.

If the attacker is this cunning, intelligent and determined, wouldn't there be higher-value targets? Steal critical information, access financial accounts, etc. Or do this legally by becoming a quant at an investment bank?

Security Theater

This type of attack is security theater - the type of risk that sounds exciting and threatening but is simultaneously unrealistic and ignores more fundamental risks that should be addressed. Maybe maximum-level security operations should examine this, but I suspect even they have more basic flaws in their video surveillance that need to be addressed first.




