Is Hacking IP Cameras A Major Risk?by John Honovich, IPVM posted on Aug 02, 2009 About John Contact John
Fears are rising that IP cameras can and willl be hacked. At Defcon, a demonstration showed an IP camera's feed intercepted and replaced by a fraudulent video, allowing a hypothetical suspect to steal an object right in front of the surveillance camera; thus bringing Hollywood to 'real life.'
What Do You Think?
Demo of the Hack
Here's a demo of the hack (the theft occurs at the end of the clip). Note the company that does the hack sells software to prevent it.
Bigger Risks Routinely Accepted
As titilating as this demo may be, there are far bigger risks that most real-world security organizations accept every day, such as:
- Most security cameras are not watched live. For all those cameras, there's no need for any fancy hacks. Just walk on in. On the way out, find the recorder and take it with you.
- When security cameras fail, almost no one responds immediately. At best, a trouble ticket or call is opened and the camera is checked in the next few business days. If the cameras are being monitored live, simply shut down the recorder or the power to the recorder/cameras. Most operations will see this as a nuisance but will not shut down the building (casinos, as always, the exception).
- Get access to the internal LAN of the target organization.
- Pull this hack off against many cameras. These types of organizations are going to have dense camera coverage, which means 3, 5, 10 or more cameras need to be commandeered.
- The attacker will also have to figure out where these cameras are - which generally is not easy. Steal the CAD drawings? Hack in to the VMS system to see the layout? Certainly theoretically possible but not easy to do.
- The demo presumes the use of standard signaling protocols and CODECs. IP video surveillance is famous for its lack of standards. The attacker will have to know which proprietary interface each camera uses and have solutions for each variety. Good luck.
Most Recent Industry Reports
List of Security Manufacturer Representatives on Aug 31, 2015
Below is a list of 120+ Security Manufacturer Representative Firms. These companies partner with manufacturers to represent them in specific regions. Typically, a 'rep firm' will represent one manu...
HD Analog Four Way Cameras Tested on Aug 28, 2015
One camera that delivers AHD, HDCVI, HDTVI and 960H, all for as little as $15 a camera. Both on price and claimed support, that is pretty outstanding. And we are hearing from people all over the w...
The Prox Reader Shootout on Aug 27, 2015
In this report, we put eight readers of the popular 125 kHz contactless format head to head and see which one rises to the top. Over a third of integrators call 125 kHz 'favorite', and tens of t...
Axis WDR Zipstream Low-Cost M1125 Tested on Aug 26, 2015
Axis has been busy promoting speciality devices like IP horns and video intercoms. However, they have quietly released a new series of low-cost HD cameras with true WDR and Zipstream support, spec...
IPVM Launches Live Chat Room on Aug 24, 2015
Now you can get help or talk with colleagues any time with IPVM's new Live Chat. Chat is as old as AOL chat rooms and as hot as mega-startup Slack. Benefits of Chatting Ask a question anytime,...
SMB Market Video Surveillance Guide on Aug 20, 2015
This 13-page guide explains the key uses, design factors, and players in the small-medium business surveillance market. A global group of 90 integrators responded, each offering insigh...
Panasonic 4K / 12MP Camera Tested on Aug 17, 2015
We bought the new Panasonic 4K / 12MP WV-SFV781L dome camera and tested it against the: Axis P1428E Bosch NBN-80122 Dahua IPC-HFW4800E In this in-depth report, we tested: ...
Testing Petzi, The Pet Cam That Shoots Treats on Aug 14, 2015
Do you love dogs? Do you love the Internet of Things? Then we have a product for you. Half camera, half remote-controlled pet treat dispenser, Petzi lets you shoot treats at your dog. That'...
Genetec Cloud Tested on Aug 12, 2015
Not since Axis public and prolonged agony with AVHS, has a major manufacturer bet as heavily as Genetec is now doing on the cloud. Genetec started with Stratocast, which took a similar small ...