Is Hacking IP Cameras A Major Risk?by John Honovich, IPVM posted on Aug 02, 2009 About John Contact John
Fears are rising that IP cameras can and willl be hacked. At Defcon, a demonstration showed an IP camera's feed intercepted and replaced by a fraudulent video, allowing a hypothetical suspect to steal an object right in front of the surveillance camera; thus bringing Hollywood to 'real life.'
What Do You Think?
Demo of the Hack
Here's a demo of the hack (the theft occurs at the end of the clip). Note the company that does the hack sells software to prevent it.
Bigger Risks Routinely Accepted
As titilating as this demo may be, there are far bigger risks that most real-world security organizations accept every day, such as:
- Most security cameras are not watched live. For all those cameras, there's no need for any fancy hacks. Just walk on in. On the way out, find the recorder and take it with you.
- When security cameras fail, almost no one responds immediately. At best, a trouble ticket or call is opened and the camera is checked in the next few business days. If the cameras are being monitored live, simply shut down the recorder or the power to the recorder/cameras. Most operations will see this as a nuisance but will not shut down the building (casinos, as always, the exception).
- Get access to the internal LAN of the target organization.
- Pull this hack off against many cameras. These types of organizations are going to have dense camera coverage, which means 3, 5, 10 or more cameras need to be commandeered.
- The attacker will also have to figure out where these cameras are - which generally is not easy. Steal the CAD drawings? Hack in to the VMS system to see the layout? Certainly theoretically possible but not easy to do.
- The demo presumes the use of standard signaling protocols and CODECs. IP video surveillance is famous for its lack of standards. The attacker will have to know which proprietary interface each camera uses and have solutions for each variety. Good luck.
Most Recent Industry Reports
Rain Surveillance Shootout on Nov 26, 2014
Rain can ruin surveillance video, and your housing choice might be making it worse. In this test, we shot out the five most common form factors of outdoor housing: box, full size dome, minidome, f...
Resolution vs Compression Tested on Nov 24, 2014
They are not the same thing. Unfortunately, too many industry people conflate them. Worse, resolution and compression can silently undermine each other. The Impact Compare the two images below....
Camera DNR (Digital Noise Reduction) Guide on Nov 20, 2014
A significant video problem is night time bandwidth spikes. An IPVM study found 250 - 500% increase in bandwidth from day to night (see: Testing Bandwidth vs Low Light). Digital noise r...
Camera Labor Estimation Standard on Nov 19, 2014
IPVM is proud to release the first ever surveillance camera labor estimation standards. These standards help integrators improve the accuracy and efficiency of their installations, reducing risks ...
Dahua HDCVI 2.0 Tested on Nov 17, 2014
A strong initial reception but can it repeat? Dahua's initial HDCVI analog HD offering, with its super low cost and HD resolution, was extremely well received (see IPVM's HDCVI test results)....
Avigilon Analytic Cameras Tested on Nov 12, 2014
Analytics remains the 'next big thing' But supply of high quality, ease to use analytics remain in short supply. VideoIQ had been the favorite choice of integrators surveyed. But VideoIQ was acqu...
Best & Worst Manufacturer Salespeople on Nov 10, 2014
What manufacturers were rated the worst? Which the best? What do integrators want from their manufacturer salespeople? What offends them the most? New IPVM survey results of 100+ integrators an...
Testing Bandwidth vs Low Light on Nov 07, 2014
Bandwidth and low light can be a bad combination. Despite many assuming / calculating bandwidth as a single 24/7 number, bandwidth can vary dramatically. One of the big drivers of bandwidth chang...
Hikvision Tribrid Recorder Tested on Nov 05, 2014
HD over existing coax, IP and legacy analog cameras, all in a single recorder. A 16 camera 'tribrid' DVR that does all that for less than $400. This is what Hikvision is claiming with its 7200 se...
Camera Finder Released on Nov 03, 2014
The new Camera Finder revolutionizes camera selection. Search across 2100+ cameras for 40 criteria, immediately returning precise matches so you can find the best fit for your specific needs. Thi...