Stopping Surveillance 'Videojacking'

Author: John Honovich, Published on Feb 16, 2011

A rising fear among security professionals is that surveillance video can be 'hijacked' and put on the Internet, resulting in embarassment or worse for the organization involved. A number of people are calling for more sophisticated and secure techniques to protect surveillance video. Unfortunately, such techniques do little to address the real risk and key threats to surveillance video.

A good example of the common but faulty recommendations offered can be found in a Feb 2011 Retail Solutions Online article where end to end encryption from the camera through the monitoring client is advocated. While this is technically possible (in at least some systems) and may be important for proving the validity of evidence in court, it does little to address the threat of videojacking.

Most of the videos that are embarassing or hurting organizations are coming via mobile phones - either directly recording an incident (e.g., the Seattle police fight) or by filming the screen of a computer playing surveillance video (e.g., the Pennsylvania fountain case). Phones provide an easy and quick way to capture and share surveillance video.

Phones are a much more dangerous threat towards sharing surveillance video than hackers. With phones, there's no need to be a technology expert or network hacker to access the video. Just be inside the premises or the security monitoring center and click record on your phone. By contrast, hacking surveillance systems is a lot of work for relatively little gain compared to what else one can access on a corporate network (see our review/discussion on Is Hacking IP Cameras a Major Risk?).

To stop misuse of phones, we see 2 fundamental options:

  • Physically restrict people from having phones in areas where there is surveillance
  • Strengthen access control to video surveillance systems

The first option is generally not feasible unless you are in a maximum security area. As such, the second option, controlling access to surveillance systems is key. Many users leave their surveillance monitoring stations on all day. While this increases convenience and is often important to let people quickly look in on what's happening in a facility, unrestricted access means that someone with a phone can capture surveillance video in a minute. 

Tactics to restrict access include limiting the rights of operators to access recorded video and automatically timing out users after inactivity. Equally important and very basic, in surveillance, too often users share common username/passwords ('guard' and 'guard' or 'admin' or 'admin'). This makes auditing extremely difficult while increasing the chance that unwanted people access the system.

Because of mobile phones, stopping videojacking will not be easy. The most practical way to impact this is through improved access control to video, not encryption.

1 report cite this report:

Wireless Video Surveillance Hijacking Threat on Mar 25, 2011
An Australian investigative report is highlighting the risk that video surveillance systems face from wireless hijacking. In this note, we examine...
Comments : PRO Members only. Login. or Join.

Related Reports

Alarm.com Favorability Results 2019 on Apr 15, 2019
The once dot com startup has evolved to become a core provider for home security and is now expanding into commercial. In their first entry in...
Hikvision AI Problems Criticized By Chinese Publication on Apr 09, 2019
Hikvision's facial recognition works poorly, causes delays and worsens learning, according to a new investigation by one of China's leading...
Spring 2019 IP Networking Course- Register Now on Apr 04, 2019
Register now for the Spring 2019 IP Networking course here. Just $299 for the course. This is the only networking course designed specifically...
Casino Security Consultant Carl Lindgren Interview on Mar 26, 2019
For more than 20 years, Carl Lindgren worked as a casino surveillance pro, while being active (and sometimes outspoken) on various online video...
IBM / Genetec Surveillance System Investigated Over Philippines Human Rights Abuses on Mar 22, 2019
A lengthy investigation into an IBM video surveillance project in the Philippines, raising concerns IBM helped local police conduct a bloody...
Large Hospital Security End User Interview on Mar 21, 2019
This large single-state healthcare system consists of many hospitals, and hundreds of health parks, private practices, urgent care facilities, and...
Silicon Valley Cybersecurity Insurance Startup Coalition Profile on Mar 20, 2019
Many industry people believe cybersecurity insurance is not worth it, as the voting and debate in our Cybersecurity Insurance For Security...
Top Metrics For Ensuring Integrator Profitability - Statistics on Mar 20, 2019
How do integrators ensure the profitability of their projects? As part of our profitability study, 100+ integrators answered the following...
Genetec Security Center 5.8 Tested on Mar 19, 2019
Genetec has released Version 5.8. This comes after a wait of more than a year that caused frustrations for many Genetec partners. Our previous...
Large US University End-User Video Surveillance Interview on Mar 18, 2019
Schools have become targets in modern days of active shooters and terrorist fears. The need for video and access security is high. Universities...

Most Recent Industry Reports

H.265 Usage Statistics on Apr 19, 2019
H.265 has been available in IP cameras for more than 5 years and, in the past few years, the number of manufacturers supporting this codec has...
ACRE Acquires RS2, Explains Acquisition Strategy on Apr 19, 2019
ACRE continues to buy, now acquiring RS2, just 5 months after buying Open Options. One is a small access control manufacturer from Texas, the...
Access Control Course Spring 2019 - Last Chance on Apr 19, 2019
Register for the Spring Access Control Course. IPVM offers the most comprehensive access control course in the industry. Unlike manufacturer...
Riser vs Plenum Cabling Explained on Apr 18, 2019
You could be spending twice as much for cable as you need. The difference between 'plenum' rated cable and 'riser' rated cable is subtle, but the...
Verint Victimized By Ransomware on Apr 18, 2019
Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was...
Milestone Drops IFSEC on Apr 18, 2019
Milestone has dropped out of Europe's largest annual security trade show (IFSEC 2019), telling IPVM that they "have found that IFSEC in EMEA no...
The Fastest Growing Video Surveillance Sales Organization Ever - Verkada on Apr 17, 2019
Verkada has the fastest growing video surveillance sales organization ever. In less than 2 years, they already have more salespeople in the US...
Door Operators Access Control Tutorial on Apr 17, 2019
Doors equipped with door operators, specialty devices that automate opening and closing, tend to be quite complex. The mechanisms needed to...
Securadyne CEO: IPVM 'Entertaining For An Ignorant Few' on Apr 16, 2019
Securadyne's CEO Carey Boethel is unhappy with IPVM's report - Failed Integrator Rollup, Securadyne Sells to Guard Giant Allied. Indeed, he...
Dahua Repositionable IR Multi-Imager Camera Tested on Apr 16, 2019
Dahua has released their first repositionable multi-imager camera, the Multi-Flex 4x2MP, claiming integrated IR, true WDR, and flexible...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact