The Most Dangerous (and Easiest) Way To Export Surveillance Video

Published Mar 11, 2016 05:00 AM

Rogue cellphones.  

Most DVRs/NVRs and VMSes have options to limit video export to external devices, but none of them can fix the analog hole.

Circumventing ******** *** *********

********** *** ********* ******** ******** *** user ****** **** ******* ********* ** sharing ** *****, *** **** **** not **** ** ******** **** ****** a ***** **** ***** *********.

***** ** ****-******* ****** *** *** a ******** ***** * ******* **** could ** **** **** * ****'* salary, ** ** *** *** **** *****. 

*** *** * ******** ***** ** ******* to **** **** *** $***,***.

  

***** ***** *** ***** ***** ** exported **** *** ***:

** *** ** ********* ** ***** down *** ****** ** ****-***** ***** leaks, ****** ** ******** *** ********* to ****** ***** **** ***. *** leaker ** *** ***-* ***** *** found *** *** *****, *** *** leak ****** *** *** **** ***** was ***** **********.

******* *******: *** ** ********** ******** video *** **** ********, *** * cellphone *********, ***** **** ***:

Easier **** ****** *******

********* ********* ********* *** ******* ** clips ** ** **** ** *** clumsy ** *********** ****** *********.  ** you *** ****** ** **** * short **** ** ******* ** * hurry, **** ****** *** ** **** faster **** ***** ******* *** ******* of ********* ***** *** ******, ******* the ****** ******* ********, ********** ***** to ***-*********** ****** *** **** ******** the ****.

*** ***** ******, ***** *** ***** is **** ********* **** *** ******* in *** *****, ****** ********* *** camera ** *********.******** *** ***** ******** ** *******/****** *** ****** *** **** *******. 

Often **** ** ******

****** ***** ******** ***** ************ **** exporting *****.  ** ***** ****** ** citizen ****/**** ****** ** *********** ******** in * ****** ****** ****** ******** have *** ** ****** ** ***** cellphones ** **** **** ** ****** directly **** ********.  **** ****** ******* the ******* ** *** ***** **** the ****** ******, *** *** ** the **** ********* ****** ** ***** cases.

No **** ***** ********

*******-********* ************* **** *********** "** **** phone" ******** *** ********* **** ********* work **** ***** ************ *******. **** video ********** ******* ******** ******** ********* from ****** **** ****** ** ***** possession ***** ** *****.

**** ******* ***** **** ******, ******* and ******* ** *** ** **** hard ** ********** ***** *** *** analog ******** *** ******* ********* **** recording **-****** *****.

Comments (12)
U
Undisclosed #1
Mar 12, 2016
IPVMU Certified

...but none of them can fix the analog hole.

Couple, three far out 'fixes' for the analog hole.

LCD refresh

You know how sometimes when you make a video of a PC it comes out really bad; dim and with rolling lines thru it? Usually this is a function of the display technology used + PC's refresh rate + the cameras shutter speed.

If you look at the individual frames, you would see many blank screen or partially blank screen frames. The brighter the screen of the PC, the faster the shutter of the cell phone, and the greater the chance of catching the PC during a blanking interval.

And unlike CRT's or even plasmas, LCD screens have little persistence in the luminance of their pixels. They switch on and off quickly and with little effect due to hysteresis. They also have a far wider range of refresh rates available, from 30hz to 240hz. I wonder if a rate could be found that would substantially degrade the picture?

Macrovision ripoff

You may have tried to copy a blockbuster VHS tape and been disappointed with the result. That is likely due to Macrovision protection, a scheme by which the auto gain of the recorder is fooled by a extremely quick and false signal that causes the recorder to constantly adjust the gain, leading to a crappy recording.

Likewise, perhaps a subliminal signal, to quick to be perceived by our eyes, could be introduced that would cause the cellphone camera to adjust by lowering the gain and degrading the video.

Key Lemon

Taking a different approach, there is a face recognition/authentication single sign-on program called Key Lemon, which can automatically lock the session if it no longer detects your face directly in front of the screen. It also records people who try to enter your session. Although, I'm sure someone could stay in front of the screen and record at the same time, I wonder if it could be modified to lock a session if it sees a cell phone in the frame.

I'm sure even that could be beat, but remember the people who take these videos have not figured out how to beat these systems ahead of time, it's not like they are expecting J-Z to walk into an elevator and beat someone up on camera. So just a decent deterrent that makes it harder than just point and shoot may be all you need to make someone think twice.

(1)
(2)
JH
John Honovich
Mar 12, 2016
IPVM

"It also records people who try to enter your session."

More generally, add a camera on the operators / control room. They may not like that but it would help in checking who filmed the video with their phones.

(4)
MG
Michael Goodwin
Mar 13, 2016

Exactly, second issue though is having people with access to this who are not trustworthy, if you have dodgy staff then you should be paying for the mistake of not having the right people. (my view on the companies that have these dodgy security guards recording the footage on cellphones)

U
Undisclosed #1
Mar 13, 2016
IPVMU Certified

How much do you have to pay a guard a year so that $250,000 in a day won't tempt him?

(1)
MG
Michael Goodwin
Mar 13, 2016

I don't consider there to be a correlation between ethics and pay level

(2)
U
Undisclosed #1
Mar 13, 2016
IPVMU Certified

Though they say "Every man has his price"...

UI
Undisclosed Integrator #2
Mar 13, 2016

It's true that cell phones are a problem and the cell videos of celebrities in jail and such are a liability. Look at the award against Marriott for the peep hole video.

Many VMS platforms log who reviews video and for what cameras, but once the genie is out of the bottle it's hard to get back in. Who can you trust and do you use two person authentication to review video?

It won't be the desk clerk paying 22 million in damages.

(1)
UI
Undisclosed Integrator #2
Mar 13, 2016

I have had customers give keys to the building to one employee and alarm codes to another. Two man rule.

Same concept the military uses in silo's. It doesn't make it impossible but it does reduce the odds.

High security places don't allow phones with cameras so for a long time Blackberry made a smart phone with no camera for government workers.

Avatar
Greg Hussey
Mar 14, 2016

Just having fun here, but most crap DVRs are recording in a lower resolution than the monitor being viewed from yet an iPhone camera resolution is greater so there would actually be more pixels being used to record a video taken directly from a computer monitor attached to a crap DVR (with an iPhone).

This is kind of like the scanners being sold today, what is the point when you can take a picture with your iPhone at 12MP and hit send.

Technology is fun.

JH
John Honovich
Jan 09, 2017
IPVM

TMZ / cell phone strikes again: FT Lauderdale airport shooting footage recorded by cell phone, feared sold to TMZ.

U
Undisclosed #3
Jan 09, 2017

Another vulnerability to be aware of is a MITM attack on the HDMI output of a VMS client that is undergoing the security reviews. I would think that one would even be able to capture 4K with this method with the right gear. I also have seen posts of encrypted HDCP streams failing on such attacks when the intent is to protect the stream. Security is from end to end and not point to point.

Avatar
Vishal Kapoor
Aug 06, 2017

I would ensure strict guidelines and processes are set for those who leak video. Make the operators sign a non-disclosure agreement that if they end up leaking the video they could face with serious legal action. Enforce the same. 

I usually put a small microdome camera in the Operator Room recording whenever there is someone in the room. This is to let the operators know that they are being watched. If someone does pull out a cell phone to record video - it will be captured.

Setup an Audit Log to capture all actions performed by an operator. Usually they would playback a video at a later date then record it. (not during the actual incident). 

Ensure exported video is watermarked & digitally signed - both on storage & export ensuring a chain of trust. 

Unfortunately whatever you do may still be a step short for someone who has intent. One can only hope that they have covered all bases.