Stopping Surveillance 'Videojacking'

By John Honovich, Published on Feb 16, 2011

A rising fear among security professionals is that surveillance video can be 'hijacked' and put on the Internet, resulting in embarassment or worse for the organization involved. A number of people are calling for more sophisticated and secure techniques to protect surveillance video. Unfortunately, such techniques do little to address the real risk and key threats to surveillance video.

A good example of the common but faulty recommendations offered can be found in a Feb 2011 Retail Solutions Online article [link no longer available] where end to end encryption from the camera through the monitoring client is advocated. While this is technically possible (in at least some systems) and may be important for proving the validity of evidence in court, it does little to address the threat of videojacking.

Most of the videos that are embarassing or hurting organizations are coming via mobile phones - either directly recording an incident (e.g., the Seattle police fight) or by filming the screen of a computer playing surveillance video (e.g., the Pennsylvania fountain case). Phones provide an easy and quick way to capture and share surveillance video.

Phones are a much more dangerous threat towards sharing surveillance video than hackers. With phones, there's no need to be a technology expert or network hacker to access the video. Just be inside the premises or the security monitoring center and click record on your phone. By contrast, hacking surveillance systems is a lot of work for relatively little gain compared to what else one can access on a corporate network (see our review/discussion on Is Hacking IP Cameras a Major Risk?).

To stop misuse of phones, we see 2 fundamental options:

  • Physically restrict people from having phones in areas where there is surveillance
  • Strengthen access control to video surveillance systems

The first option is generally not feasible unless you are in a maximum security area. As such, the second option, controlling access to surveillance systems is key. Many users leave their surveillance monitoring stations on all day. While this increases convenience and is often important to let people quickly look in on what's happening in a facility, unrestricted access means that someone with a phone can capture surveillance video in a minute. 

Tactics to restrict access include limiting the rights of operators to access recorded video and automatically timing out users after inactivity. Equally important and very basic, in surveillance, too often users share common username/passwords ('guard' and 'guard' or 'admin' or 'admin'). This makes auditing extremely difficult while increasing the chance that unwanted people access the system.

Because of mobile phones, stopping videojacking will not be easy. The most practical way to impact this is through improved access control to video, not encryption.

1 report cite this report:

Wireless Video Surveillance Hijacking Threat on Mar 25, 2011
An Australian investigative report is highlighting the risk that video...
Comments : Members only. Login. or Join.

Related Reports

'CCTV' Is the Past, Cloud Video Surveillance Is the Future on Jul 08, 2019
A fundamental shift is happening. For decades, video surveillance was...
Covert Elevator Face Recognition on Oct 24, 2019
Covert elevator facial recognition has the potential to solve the cost and...
Faked Coronavirus Fever Detection, Athena Used Hikvision; Responds - Selling NDAA Compliant Cameras, Pledging 50% Of Profits to Victims on Mar 24, 2020
US company, Athena Security, faked its coronavirus fever detection marketing,...
AI Video Surveillance (Finally) Goes Mainstream In 2020 on Sep 03, 2019
While video surveillance analytics has been promoted, hyped and lamented for...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Propped Doors Access Control Tutorial on Jan 07, 2020
Doors should keep 'bad guys' out, but a common access control problem is...
Clearview AI Alarm - NY Times Report Says "Might End Privacy" on Jan 20, 2020
Over the weekend, the NY Times released a report titled "The Secretive...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see,...
China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems,...
Stop Blaming Your Employee, Wyze on Dec 30, 2019
Wyze management is at fault for its massive data leak, not its 'employee', as...
Surveillance Storage 101 on Mar 23, 2020
This guide teaches the fundamentals of video surveillance...

Recent Reports

GDPR Impact On Temperature / Fever Screening Explained on Oct 22, 2020
What impact does GDPR have on temperature screening? Do you risk a GDPR fine...
Security And Safety Things (S&ST) Tested on Oct 22, 2020
S&ST, a Bosch spinout, is spending tens of millions of dollars aiming to...
Nokia Fever Screening Claims To "Advance Fight Against COVID-19" on Oct 22, 2020
First IBM, then briefly Clorox, and now Nokia becomes the latest Fortune 500...
Deceptive Meridian Temperature Tablets Endanger Public Safety on Oct 21, 2020
IPVM's testing of and investigation into Meridian Kiosk's temperature...
Honeywell 30 Series and Vivotek NVRs Tested on Oct 21, 2020
The NDAA ban has driven many users to look for low-cost NVRs not made by...
Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...
Dahua Revenue Grows But Profits Down, Cause Unclear on Oct 20, 2020
While Dahua's overall revenue was up more than 12% in Q3 2020, a significant...
Illegal Hikvision Fever Screening Touted In Australia, Government Investigating, Temperature References Deleted on Oct 20, 2020
The Australian government told IPVM that they are investigating a Hikvision...
Panasonic Presents i-PRO Cameras and Video Analytics on Oct 19, 2020
Panasonic i-PRO presented its X-Series cameras and AI video analytics at the...
Augmented Reality (AR) Cameras From Hikvision and Dahua Examined on Oct 19, 2020
Hikvision, Dahua, and other China companies are marketing augmented reality...
18 TB Video Surveillance Drives (WD and Seagate) on Oct 19, 2020
Both Seagate and Western Digital recently announced 18TB hard drives...
Watrix Gait Recognition Profile on Oct 16, 2020
Watrix is the world's only gait recognition surveillance provider IPVM has...
Intel Presents Edge-to-Cloud Ecosystem for Video Analytics on Oct 16, 2020
Intel presented its processors and software toolkit for computer vision at...