The Most Dangerous (and Easiest) Way To Export Surveillance Video

Author: Brian Karas, Published on Mar 11, 2016

Rogue cellphones.

Most DVRs/NVRs and VMSes have options to limit video export to external devices, but none of them can fix the analog hole.

Circumventing Security via Cellphone

Facilities may implement security policies for user logins that prevent exporting or sharing of video, but that does not stop an operator from making a video with their cellphone.

Video of high-profile people can net a security guard a payment that could be more than a year's salary, as in the Ray Rice video.

The Jay Z elevator video is rumored to have gone for $250,000.

Other times the video might be exported just for fun:

It can be difficult to track down the source of cell-phone video leaks, making it tempting for employees to export video this way. The leaker of the Jay-Z video was found out and fired, but the leak behind the Ray Rice video was never identified.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Another example: The Ft Lauderdale shooting video has been released, via a cellphone recording, again from TMZ:

Easier than Clumsy Systems

Sometimes cellphone recording and sharing of clips is to make up for clumsy or inefficient export functions. If you are trying to send a short clip to someone in a hurry, this method can be much faster than going through the process of selecting video for export, letting the export process complete, converting video to non-proprietary format and then emailing the clip.

For short videos, where the story is more important than the details in the video, screen recording via camera is effective. Videos of the brawl captured by the FLIR/Costco DIY system fit this example.

Often Used By Police

Police often complain about difficulties with exporting video. If video stored on citizen NVRs/DVRs cannot be intuitively exported in a simple format police officers have had to resort to using cellphones or body cams to record directly from monitors. This method reduces the quality of the video from the native format, but may be the only practical option in those cases.

No Cell Phone Policies

Privacy-conscious organizations have implemented "no cell phone" policies for operators that routinely work with video surveillance systems. Many video monitoring central stations prohibit operators from having cell phones in their possession while on shift.

With cameras built into phones, tablets and laptops it can be very hard to completely close off the analog loophole and prevent employees from recording on-screen video.

Comments (12)

Only IPVM PRO Members may comment. Login or Join.

...but none of them can fix the analog hole.

Couple, three far out 'fixes' for the analog hole.

LCD refresh

You know how sometimes when you make a video of a PC it comes out really bad; dim and with rolling lines thru it? Usually this is a function of the display technology used + PC's refresh rate + the cameras shutter speed.

If you look at the individual frames, you would see many blank screen or partially blank screen frames. The brighter the screen of the PC, the faster the shutter of the cell phone, and the greater the chance of catching the PC during a blanking interval.

And unlike CRT's or even plasmas, LCD screens have little persistence in the luminance of their pixels. They switch on and off quickly and with little effect due to hysteresis. They also have a far wider range of refresh rates available, from 30hz to 240hz. I wonder if a rate could be found that would substantially degrade the picture?

Macrovision ripoff

You may have tried to copy a blockbuster VHS tape and been disappointed with the result. That is likely due to Macrovision protection, a scheme by which the auto gain of the recorder is fooled by a extremely quick and false signal that causes the recorder to constantly adjust the gain, leading to a crappy recording.

Likewise, perhaps a subliminal signal, to quick to be perceived by our eyes, could be introduced that would cause the cellphone camera to adjust by lowering the gain and degrading the video.

Key Lemon

Taking a different approach, there is a face recognition/authentication single sign-on program called Key Lemon, which can automatically lock the session if it no longer detects your face directly in front of the screen. It also records people who try to enter your session. Although, I'm sure someone could stay in front of the screen and record at the same time, I wonder if it could be modified to lock a session if it sees a cell phone in the frame.

I'm sure even that could be beat, but remember the people who take these videos have not figured out how to beat these systems ahead of time, it's not like they are expecting J-Z to walk into an elevator and beat someone up on camera. So just a decent deterrent that makes it harder than just point and shoot may be all you need to make someone think twice.

"It also records people who try to enter your session."

More generally, add a camera on the operators / control room. They may not like that but it would help in checking who filmed the video with their phones.

Exactly, second issue though is having people with access to this who are not trustworthy, if you have dodgy staff then you should be paying for the mistake of not having the right people. (my view on the companies that have these dodgy security guards recording the footage on cellphones)

How much do you have to pay a guard a year so that $250,000 in a day won't tempt him?

I don't consider there to be a correlation between ethics and pay level

Though they say "Every man has his price"...

It's true that cell phones are a problem and the cell videos of celebrities in jail and such are a liability. Look at the award against Marriott for the peep hole video.

Many VMS platforms log who reviews video and for what cameras, but once the genie is out of the bottle it's hard to get back in. Who can you trust and do you use two person authentication to review video?

It won't be the desk clerk paying 22 million in damages.

I have had customers give keys to the building to one employee and alarm codes to another. Two man rule.

Same concept the military uses in silo's. It doesn't make it impossible but it does reduce the odds.

High security places don't allow phones with cameras so for a long time Blackberry made a smart phone with no camera for government workers.

Just having fun here, but most crap DVRs are recording in a lower resolution than the monitor being viewed from yet an iPhone camera resolution is greater so there would actually be more pixels being used to record a video taken directly from a computer monitor attached to a crap DVR (with an iPhone).

This is kind of like the scanners being sold today, what is the point when you can take a picture with your iPhone at 12MP and hit send.

Technology is fun.

TMZ / cell phone strikes again: FT Lauderdale airport shooting footage recorded by cell phone, feared sold to TMZ.

Another vulnerability to be aware of is a MITM attack on the HDMI output of a VMS client that is undergoing the security reviews. I would think that one would even be able to capture 4K with this method with the right gear. I also have seen posts of encrypted HDCP streams failing on such attacks when the intent is to protect the stream. Security is from end to end and not point to point.

I would ensure strict guidelines and processes are set for those who leak video. Make the operators sign a non-disclosure agreement that if they end up leaking the video they could face with serious legal action. Enforce the same.

I usually put a small microdome camera in the Operator Room recording whenever there is someone in the room. This is to let the operators know that they are being watched. If someone does pull out a cell phone to record video - it will be captured.

Setup an Audit Log to capture all actions performed by an operator. Usually they would playback a video at a later date then record it. (not during the actual incident).

Ensure exported video is watermarked & digitally signed - both on storage & export ensuring a chain of trust.

Unfortunately whatever you do may still be a step short for someone who has intent. One can only hope that they have covered all bases.

Related Reports on Police

ShotSpotter IPOs, Facing Low Revenue and Losses on Jun 09, 2017
A rare event for North American security manufacturers has happened. ShotSpotter has IPOed on the NASDAQ, raising $30.8 million. US IPOs,...
Shark Tank Startup Guard Llama Mobile Panic Tested on May 16, 2017
A Shark Tank TV show appearance has attracted big attention for Guard Llama, a security startup touting a 'panic button' paired with mobile app...
Mobile Video Installation Statistics on May 02, 2017
Mobile video systems - those mounted on buses, trains, cars, boats, etc. - are a niche within video surveillance with its own particular...
Duress Codes For Alarms Systems on May 02, 2017
An alarm system can call for help in the event of an attempted break in, but only if it is armed. If an adversary forces an authorized user to...
Burglar Alarm Zoning Guide on Apr 28, 2017
The function of an alarm panel is to gather information from sensors and respond to this information by triggering actions. While it is possible to...
A Marketing Home Run For Knightscope - Man Attacks Robot on Apr 27, 2017
We criticize Knightscope regularly - their lack of revenue, their trying to fool mom 'n pop investors, their associating themselves with a clueless...
Burglar Alarm Strobes Guide on Mar 31, 2017
Strobes provide visual notification of alarm incidents, as sirens are used to give audible notification. Using a strobe gives alarm users and alarm...
Simplisafe Warns Customers About Alarm Fines on Mar 17, 2017
Simplisafe markets themselves as a 'better way' than traditional professional alarm companies. However, in one key way, Simplisafe hides the...
Alarm Panic Switches Tutorial on Mar 16, 2017
Panic switches allow silently triggering an alarm system when it is otherwise disarmed. In this tutorial we explain and contrast the 7 most common...
Genetec Comments on Washington DC MPD Hack on Mar 13, 2017
This January, the Washington DC police video surveillance system was hacked with ransomware, impacting 123 of 187 cameras. Last month, IPVM...

Most Recent Industry Reports

Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...
Axis and Arecont Legal Conflict Over Multi-Imager Cameras on Aug 17, 2017
Arecont threatened Axis. Axis has responded by moving to invalidate an Arecont patent. It is an important contest. Multi-imagers are Arecont's...
Directory Of Consumer Security Cameras on Aug 16, 2017
The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...
Hikvision Responds To Cracked Security Codes on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Stolen Video NVR / DVR Statistics on Aug 15, 2017
"But what happens if someone steals my recorder?" Anyone who has done more than a handful of jobs has probably heard this question several times....
Hikvision Europe Cutting Out Unauthorized End User Sales on Aug 15, 2017
The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition. In...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact