The Biggest Thing That Worries Me About IP Camera Systems

I got into IP camera systems because I wanted to see better video quality than traditional analog cameras could provide. I love that a single cable can provide video, audio, power and camera control. However the thing that worries me the most about IP camera systems is security vulnerabilities.

Every day I read news reports of criminals and government agencies, at home and around the world, hacking into computer and phone networks. I hate the idea of strangers hacking into IP camera systems and looking at my business or home. Even worse, cloud storage must be a honey pot for hackers as breaking into one facility would potentially provide access to video surveillance of hundreds or thousands of customers. I wonder how often some dodgy character unscrews an external IP camera, plugs the Ethernet plug into a laptop and sniffs around to see what they can find on the internal network? Analog cameras never provided such an easy way to "look" inside someone's building or network.

In the ongoing quest to produce IP cameras with the most features and at the lowest possible price, I wonder just how many resources are put into ensuring the cameras have the best possible security features and are exhaustively tested for vulnerabilities?

I'd be interested in any comments about how other members determine if an IP camera has excellent or only average security features and if it's possible to find out how well they have been tested for security vulnerabilities.

What do you do to keep your IP systems secure? Is it too far-fetched to consider unplugging IP camera systems from the Internet?

Do HDCVI camera systems have an inherent security advantage over IP camera systems with only the DVR being at risk from outside attack?

I wonder if IPVM might consider a course on IP security for IP camera systems and/or access control systems? I'd certainly sign up. Thank you in advance for your collective wisdom on this topic.


Do HDCVI camera systems have an inherent security advantage over IP camera systems with only the DVR being at risk from outside attack?

"Only".

In fairness, with a DVR and non-IP cameras, you only have 1 point of vulnerability (the recorder) instead of 5, 9, 16, etc. (i.e., recorder + each IP camera).

"How many resources are put into ensuring the cameras have the best possible security features and are exhaustively tested for vulnerabilities?"

In general, not a lot. That's why you get regular reported issues - see: Hacking D-Link, Cisco And IQinVision - Black Hat Video and Is Hacking IP Cameras A Major Risk?

"In general, not a lot. That's why you get regular reported issues"

That confirms my deepest fear about IP camera systems. I wonder if there is a way we can push for higher security standards in IP camera systems? I also wonder how liable resellers and installers might be for providing IP camera systems without trying to find out if there are likely to be security vulnerabilities? This is where it could be helpful to have a standard or set of standards which IP camera systems should meet to provide some confidence in the security of the systems.

Hi Ari, I knew someone would query that point :)

A nice aspect of an analog or HDCVI system is only having to concentrate on security for one component, namely the DVR. If one has several different brands and/or models of IP cameras connected to an NVR, one not only has to configure several different interfaces for camera security settings but may also have to apply multiple firmware updates to patch different vulnerabilities on several camera models, in addition to the NVR. It's a lot more work than analog systems and I feel there is greater potential to overlook an important security setting or update on one camera. Compounding this problem is the fact that many manufactuers do not make their firmware updates publicly available on their websites but only through distributors. That makes it more likely that an end-user has unpatched cameras with old vulnerabilities multiplied by the number of cameras they are using.

I think John had a more concise way of expressing this than I did!

There are a few network "best practices" that can be implemented to secure your network. Taking the theme of someone unplugging a camera:

- First off, an outdoor camera should have the cabling run through conduit, so an attacker can not simply plug in.

- On the network, VLANs can be created, so that if someone were to gain access, they could then only access the security network, and not the production network.

- Many networks (and cameras, recorders, etc.) support a feature called 802.1x. 802.1x is a network protocol that uses a certificate that gets loaded on to each device. This certificate positively identifies each device. The network is configured to only allow certain certificates (devices) on to the network. Thus, if someone were to plug in to an unsecured network jack, say in a conference room, they would be denied access to the network.

- Many people prefer dome cameras so that the network cables/jacks are in the ceiling, and not accessible. With box cameras, sometimes people will but a network jack in the ceiling that someone could access. Box cameras are not that popular, and if they are used, they should be high enough so that someone can't reach them, as opposed to how they did it at DIA.

-Network switches also allow for filtering by MAC address and/or IP addresses. This can easily be spoofed, but it is better than nothing to prevent a simple intrusion.

Hi Aaron, thank you for your list of best practices. In particular, I will look more into the use of 802.1x.

"I hate the idea of strangers hacking into IP camera systems and looking at my business or home."

Why would anyone want to do this - and more importantly, what is the actual risk? I don't like the idea of strangers climbing trees and looking in my 2nd story windows, but I don't really take steps to protect against it, as the likelihood of this happening is pretty remote.

"Do HDCVI camera systems have an inherent security advantage over IP camera systems with only the DVR being at risk from outside attack?"

In the incredibly unlikely scenario of someone 'hacking' your surveillance system, would you want the hacker to be able to see one camera - or all of them, via 'hacking' the device that manages all your cameras?

I don't like the idea of strangers climbing trees and looking in my 2nd story windows, but I don't really take steps to protect against it, as the likelihood of this happening is pretty remote.

You must live out in the boonies somewhere. I've got windowshades on my second story windows, and so do all my neighbors.

In the incredibly unlikely scenario of someone 'hacking' your surveillance system...

We've had this discussion before. More than once, I think.

In the incredibly unlikely scenario of someone 'hacking' your surveillance system...

I think a distinction has to be made between attempted hacking by physical proximity (unplugging a camera for instance) and attempts by remote network exploit. The former has likely never happenned to you, the latter happens every day.

Hi Ari, thank you for your reminder of the passwords discussion. That's a basic but very important point.

"Why would anyone want to do this" ... "hacking into IP camera systems and looking at my business or home"?

Several reasons spring to mind. Firstly, because it's a challenge and there are just some kinds of people that really love to try to hack systems, especially teenagers and young adults.

Secondly, if a criminal wanted to burgle a home or building, imagine the advantage they would have by being able to have a good look around without even having to enter the building. It would be a bit like looking for real estate online. The criminal could pick and choose the more desirable premises to burgle and also note when the occupants come and go, all without having to be anywhere near the premises where their traditional reconnaissance might be conspicuous. Now extend this idea to abductions and kidnappings and it becomes scarier.

Big business, governement agencies and outright criminals all have reasons why remotely accessing other people's IP surveillance systems must seem very attractive and a practical tool to achieve their aims.

I certainly agree that the DVR or NVR must be very well secured as it gives access to all cameras.

Script Kiddies will be script kiddies. They may do basic things but will not get too far. The big issue is real hackers. Hackers that never get caught. Do you think the Chinese Government views our corporate cameras? Do you think the NSA views a few camera systems? How about Corporate Espionage? Who attended this private conglomerate meeting? Who is my competitor working with?

Spot on Jeremiah. While the NSA and UglyGorilla might have been highlighted by the media, I think most countries have governement agencies that hack IP systems domestically and internationally. It's just that the other countries haven't been caught in the act or exposed publicly.

Doesn't everybody know that the very best surveillance system hackers work out of Hollywood, with documented exploits against The Vatican, the Library of Congress, Fort Knox, dozens of high-rise corporate towers in Singapore, every evil henchman's lair on the block, and even the White House. I just can't figure how they do it.

Michael, you need to start with a software interface with a huge font that says something about hacking. Very pretty graphics also help. Sandra Bullock and "The Net" should give you some guidance.

I have deployed IP cameras and access on a number of US Military sites, and 'getting on' the network is not as easy as plugging in a laptop to a spare network jack.

They associate (logical) access controls with MAC addresses, and penetration testing is not a casual responsibility. On top of that, even IF you had those basic provisions, gaining access to the right subnet, knowing the username/passwords of the right software, and doing it quickly just does not happen.

I think that 'best network security practice' diminishes most (if not all) the risk. The US Military uses IP cameras, but they add no layers beyond what they devices/systems already are furnished with. They just expect the IT folks to a good job of protecting the entire network utility.

Most corporate customers follow the same line of thought: Yes, protect the network in general, but don't worry about the risk of IP Video specifically.

Hi Brian, thank you for your insight. This could mean that small business and home installations are most at risk as they probably don't have enough knowledge to properly secure their network and may accidentally open holes in their router to allow hackers straight in.

Hacking is sterotypically performed for vulnerability testing and fun by a lot of novices and youngies, however there are organized crime-rackets that carry out systematic hacking to gain advantage financially etc.

Typically, in over 50% cases, security integrators / installers fail or simply are not consoderate when it comes to securing the security systems themselves.

Whether it's an analogue or IP or HD-over-coax surveillance, taking basic security measures are must - this includes tightened physical access to devices, cheaper back-up / covert surveillance (remember bush-cams?) to overlook expensive outdoor cameras, regular monitoring, setting alarms / notifications for changes, integration with alarm, access-control or other automation systems, implementing / enforcing password-change policies at regular intervals AND changing default passwords, turning off / limiting admin access and creating new users with secure passwords, using more secure routers and not opening up default ports etc. The list goes on depending on what type of surveillance system you use.

As again, when it comes to security itself this has nothing to do with IP surveillance being less secure. In fact if you use right tools, IP surveillance can be most secure over other types of surveillance. I think I am making a bold statement here.

Somebody said it right in a comment earlier - may be a course on IP/IT security would be a very good idea John. This will help most installers / integrators come up to terms as to what the minimum measures should be taken.

I am pretty sure most IPVM Pro members are one step above than their peers when it comes to possessing IT/IP knowledge, but a well-designed IT/IP security course will benefot a lot of people.

Thank you Sharvil, that's a very helpful list of comments, tips and observations.

So many great questions.

How many resources are put into ensuring the cameras have the best posibly security features and are exhaustively tested for security vulnerabilities?

In general, just as many resources are put into any other network based product. No vendor wants to see their product in the news and no vendor wants to violate the trust of their customers. Secure network products are in the best interest of the vendor.

The other part of this answer is: it depends on the vendor. A lot has to do with the product management and engineering culture within the organization. I'd say if you want to increase the chances of getting a product from a vendor that cares about security, choose an established brand. They will likely have more at stake and get more scrutiny from their other large customers in order to win big projects.

How often does some dodgy character unscrew an external IP camera, plugs in the Ethernet plug into a laptop and sniffs around to see what they can find on the internal network?

I think, not often. Other easier avenues into your network are likely to exist. Your network's wifi is most vulnerable. Also social engineering, or introduction of a virus/back door via more common systems on your network (for example, your windows PC). Finding a network port via an external IP camera is a very specific type of attack so it's just not going to happen as often as other ways of accessing your network. You can protect yourself by setting up a network segment for the IP cameras that does not give out IPs via DHCP, or that requires 802.1x based authentication for network access.

How do you determine if an IP camera has excellent or only average security features and if it's possible to find out how well they have been tested for security vulnerabilities.

You can always ask the vendor. They should have material designed to address security concerns about their products. You should look for third party assessments (like what might be possible via IPVM). You should ask them about their testing as well as their patch and update process.

What do you do to keep your IP systems secure?

Well, as an IP system one needs to do all the same things one does to keep any network secure. There's a long list of best practices, products and tools, and no shortage of material to help you secure your IP network from attack.

For IP cameras you should get some security vulnerability scanning software and scan the cameras and recording systems. Read up about how to use these tools and see if you can apply them before buying a particular product. Ask the vendor to patch any critical vulnerabilities you find.

Since you seem concerned with the IP port itself as an attack vector, look into 802.1x and be sure to partition the security system from the rest of the IP network.

Is it too far fetched to consider unplugging IP camera systems from the internet?

No, not at all. The safest system is one that doesn't communicate with any other systems. It diminishes the utility of the system, but if you really want to keep it secure, don't plug it in.

Do HDCVI camera systems have an inherent security advantage over IP camera systems with only the DVR being at risk from outside attack?

Non IP cameras (like analog or HDCVI) would reduce slightly the vulnerability footprint of the system. The question is, by how much? If your DVR is on the network then it's still a candidate as a vulnerability. But your IP cameras don't increase that risk by much in and of themselves.

But your IP cameras don't increase that risk by much in and of themselves.

Although we can debate how large the exposure with just a DVR is, whatever it is, that risk is increased considerably with even a modest number of IP cameras.

Take a system with say 24 cameras from a handful of vendors with each possibly with its own underlying firmware and specific vulnerabilities, and odds are good the there is some unpatched exploit out there for one of them. As opposed to managing a single device.

A building with only 1 entrance/exit is far more secure than one with 24 side doors all with a different lock type. But agreed, you don't even want to let them in the parking lot.

Rukmini, I get your point. I was focused on Luke's choice of words "from outside attack." This implies to me we're talking about somebody remotely trying to access his network, which contains a recorder and some number of IP cameras. With the whole mess presumably behind a firewall. Maybe my assumption is wrong, but the fact that IP cameras exist on that network doesn't make the network itself more vulnerable to outside attack. If I've gained access to his network so I can access the cameras, attacking the cameras themselves don't do much to help me exploit his network.

Since DVRs are often attached to the Internet via port forwarding, etc., the implications are that the DVR makes a juicy attack vector while the risk presented by IP cameras on that same network pales in comparison.

If what we're talking about here is concern about video privacy, then you're right, more IP cameras increase risk that somebody will be able to see your video without your authorization (assuming they've already somehow managed to intrude on your network).

Agreed, its doesn't make it easier to get thru the firewall from the outside, (unless we're talking about physically swapping cables, which I'm not). But if there is a way thru, say like an indirect one, thru the corporate (friendly) lan, it's a different ballgame. Again it shouldn't happen to begin with (what should?). So we agree, I think.

FWIW, contrary to image of the brilliant hacker/quarterback throwing the big touchdown pass (a single zero day exploit), the far more common scenario is one of many short yardage gains, one minor exploit at a time, and the difference between penetration or frustration lies more in what combination of products just happen to be installed together than what the products are themselves.

Good point Steve. While I did mention outside attacks, I suppose many attacks come from inside a network and I should have allowed for commentary on that too.

Spot on Rukmini!

Hi Steve, thank you for all your great answers! As is inevitable with a broad topic like this, there seem to be some conflicting answers from different people but that's OK because I really wanted to draw out everyone's thoughts on the state of IP camera security vulnerabilities.

I've had one security insider comment to me that, not only is the security of cheap IP equipment pretty dismal, but many companies who used to be good have dropped their exhaustive security testing in order to become more competitive. My contact has worked for over 3 decades in Internet security and his comments have prompted my questions in this forum.

"For IP cameras you should get some security vulnerability scanning software and scan the cameras and recording systems."

Do you have a preferred product you like to use for this purpose?

"look into 802.1x"

Yes, this seems to be a very good idea which I will research. Thank you for your considered and thorough replies to my long list of questions!

Luke, for IP scanning, NMAP is common. The trick is to get to know the warnings you can live with vs the warnings you want to hold the vendor to task on.

Regarding security testing, like I say a bigger brand has more at stake here. If they're a larger security player they're almost certainly competing for jobs that will require some compliance with information assurance and accreditation standards like NIST, HIPPA, PCI, DIACAP, etc. Compliance doesn't equal security, but it does imply the end-user customer will have put the equipment through a scan at some point and likely has security features built into their RFPs.

I'm not saying the big brands are "too big to fail" just that they will have had to address this kind of stuff and should have the right answers to your concerns if they're doing their jobs well.

I am currently composing a CSI specfication for a video system with nearly 1000 cameras. The current thinking is that NVRs will be provided in each of the schools with central servers to manage the system. There will be at least 50 workstations are more also involved.

The spec section will have one or more articles on network security. What are the most realistic security standards with which the spec should require compliance (in addtion to the school's existing IT standards requirements)? Keep in mind that i would try and keep the "Frankenspec" topics down to a minimum.

Query: does anyone run a parallel network anymore, or do most IP cameras reside on the customer's existing network alongside all their other stuff? I think my answer will change based on the amount of vulernability there is.

I personally see about 50/50. I have see systems with dozens to hundreds of cameras on a completely seperate network, and I have seen them on seperate VLANS, and I have seen them all together. Often depends on how the system started, and if it organically grew vs. a planned addition.

Many IT guys buy in to IP cameras on a seperate network, and having NVRs with multiple NICs allows easy installation with this model. The installer can then provide their own PoE switches and not have to worry about IT needing to configure their Cisco switches and routing, etc...

It make many things so much easier to control system performance and security.

Just my take based upon my experience...

Is it correct to assume that VLANs would be part of the converged number here?

Hasn't bandwidth required by cameras been trending downwards since this poll was taken? That's been my general impression. In 2011, a parallel network was best practice. Do you think that's still true?

Hasn't bandwidth required by cameras been trending downwards...?

Why is greater compression increasing? Or because of switching from MJPEG to h.264? Do you think bandwidth is the main driver of seperate networks?

From 2011 to today, I suspect bandwidth has been trending upward, mostly because resolution has clearly gone up. In 2011, the shift from SD to 720p was in the middle and now new installs are increasingly moving to 1080p/3MP: IP Camera Resolutions Most Commonly Used

One might say that IP video bandwidth requirements have decreased as a total percentange of network capacity--as LANS and campus network backbones are upgraded to 1G or even 10G from 100M. But I don't think the the bandwidth requirements for the IP video equipment has gone down..

Btw, integrator consensus was the biggest issue was finger pointing / blame, not bandwidth. A dedicated network allowed both sides to operate independently of each other.

From what I read above, implementing tighter logical security can cut down the optioins of what makes/models to add to a video surveillance system. As I see it, I would tend to go down the path of protecting the recorder first and using multiple network cards have the cameras on a non routable and non reachable network from everyone else. Only the recorder gets to the cameras and only the client gets to the recorder.

To the original question. What does google know the we don't. Ergo buying dropcam (an IP and WiFi use), via Nest LABs. Me thinks they would have the same concerns.

The best solution is to use a NVR that includes a Switch PoE. The recorder will use two different IP address, one to connect to the cameras, and the other to connect to the rest of the network. All cameras are only accesible form the recorder. It will be like having an DVR system.

Jordi, what if you have a faulty PoE port or two on the NVR? Would you replace the whole thing? Or rather replace just the switch that costs a fraction?

If faced with that situation I would opt to add an external switch. PoE is only used when detected so that doesnt matter.

Great thread and information. I appreciate everyone's comments and insight. We do a mix of light analog and IP systems and 99% of the time segregate the IP camera network from any existing network. Embedded NVRs with their own PoE switch built in makes this very easy to do and plug and play for lesser experienced installers. I am now curious how secure this plug and play method is or if it is even important to worry about. I do realize that a breach of the cameras network could potentially lead to stolen video but, at this point, dont see the value to a blackhat to go that far to obtain access. If they are willing to go that far, gaining physical access to the network and accomplishing it, they are going to get what they are after no matter what steps are taken to prevent it. I feel ultimately physical access protection would be most important then, as others have stated, traditional network security measures to prevent remote access.

I'm not sure if anyone has mentioned this, but most DVR, NVR, and HVR systems have a notification or I/O function that alerts someone (by various means) if there is an anomoly in the system. Specifically, if a camera were to be unplugged (goes down) to allow someone access to the network connection, then an alert would be sent to either a monitoring station or an end-user. Maybe I'm over simplifying this, but in my book...problem solved!

This obviously, doesnt help so much in the scenario of pros who hack from afar, but in these instances, they're likely not worried about stealing fine china from the dinning room. The locations that they would likely be interested in, I would expect to have a higher grade of network security provided via a dedicated network security team.