Stopping Surveillance 'Videojacking'

By: John Honovich, Published on Feb 16, 2011

A rising fear among security professionals is that surveillance video can be 'hijacked' and put on the Internet, resulting in embarassment or worse for the organization involved. A number of people are calling for more sophisticated and secure techniques to protect surveillance video. Unfortunately, such techniques do little to address the real risk and key threats to surveillance video.

A good example of the common but faulty recommendations offered can be found in a Feb 2011 Retail Solutions Online article where end to end encryption from the camera through the monitoring client is advocated. While this is technically possible (in at least some systems) and may be important for proving the validity of evidence in court, it does little to address the threat of videojacking.

Most of the videos that are embarassing or hurting organizations are coming via mobile phones - either directly recording an incident (e.g., the Seattle police fight) or by filming the screen of a computer playing surveillance video (e.g., the Pennsylvania fountain case). Phones provide an easy and quick way to capture and share surveillance video.

Phones are a much more dangerous threat towards sharing surveillance video than hackers. With phones, there's no need to be a technology expert or network hacker to access the video. Just be inside the premises or the security monitoring center and click record on your phone. By contrast, hacking surveillance systems is a lot of work for relatively little gain compared to what else one can access on a corporate network (see our review/discussion on Is Hacking IP Cameras a Major Risk?).

To stop misuse of phones, we see 2 fundamental options:

  • Physically restrict people from having phones in areas where there is surveillance
  • Strengthen access control to video surveillance systems

The first option is generally not feasible unless you are in a maximum security area. As such, the second option, controlling access to surveillance systems is key. Many users leave their surveillance monitoring stations on all day. While this increases convenience and is often important to let people quickly look in on what's happening in a facility, unrestricted access means that someone with a phone can capture surveillance video in a minute. 

Tactics to restrict access include limiting the rights of operators to access recorded video and automatically timing out users after inactivity. Equally important and very basic, in surveillance, too often users share common username/passwords ('guard' and 'guard' or 'admin' or 'admin'). This makes auditing extremely difficult while increasing the chance that unwanted people access the system.

Because of mobile phones, stopping videojacking will not be easy. The most practical way to impact this is through improved access control to video, not encryption.

1 report cite this report:

Wireless Video Surveillance Hijacking Threat on Mar 25, 2011
An Australian investigative report is highlighting the risk that video surveillance systems face from wireless hijacking. In this note, we examine...
Comments : PRO Members only. Login. or Join.

Related Reports

Proactive CCTV "Only Affordable Video Archiving Solution" Profile on Aug 12, 2019
Proactive CCTV is claiming to offer "the only affordable video archiving solution on the market", reducing the storage typically required for H.265...
Razberi Technologies Company Profile on Aug 06, 2019
Razberi says they have doubled their revenue in the first half of 2019, citing their proprietary camera hardening and cybersecurity capabilities...
Avigilon Blue VSaaS Tested on Aug 05, 2019
Avigilon says Blue is a "powerful integrator cloud service platform", easy to set up and configure, quickly scale business, by leveraging cloud...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Online Video Surveillance Sales Comparison - Amazon, B&H, CDW, LTS, Super Circuits, More on Jul 31, 2019
IPVM has uncovered the key trends and top options being offered across commonly used surveillance sellers. How has the market shifted since we...
Avigilon ACC7 VMS Tested on Jul 22, 2019
Avigilon's Control Center 7 boldly claims it will "transform live video monitoring" with the new Focus of Attention "AI-enabled" interface. We...
Calipsa - UK AI Startup Profile on Jul 10, 2019
Analytic startups are a major industry trend. One UK company, Calipsa is aiming to use AI to filter out false positive alarms for live video...
Directory of 60 Video Surveillance Startups on Jun 25, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
Risk of Amazon Alexa Guard: No Battery Or Cell Backup on Jun 20, 2019
Amazon positions its Alexa Guard Service as a "smart home security system" and says it can help you "keep your home safe". However, the...
IndigoVision Control Center VMS Tested on May 30, 2019
IPVM's last test of IndigoVision's VMS was in 2010, which found enterprise VMS features and a simple client interface. but no 3rd party camera...

Most Recent Industry Reports

Verkada People And Face Analytics Tested on Aug 16, 2019
This week, Verkada released "People Analytics", including face analytics that they describe is a "game-changing feature" that "pushes the...
Dahua OEM Directory 2019 on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Installation Course - Register Now on Aug 15, 2019
Register Now for the September 2019 Video Surveillance Install Course. This is a unique installation course in a market where little practical...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Hikvision Scrutinized In The Netherlands on Aug 15, 2019
Hikvision is facing unprecedented scrutiny in the Netherlands, at the same time the US government ban has taken effect. This week, a Dutch...
Axis 4K Camera Shootout 2019 on Aug 14, 2019
Axis' 4K Q3518-LVE claims the "best video quality possible", with Lightfinder super low light performance, Axis' high end Forensic WDR, and...
CheckMySystems Company Profile on Aug 14, 2019
CheckMySystems says that too many users respond, "I get an email when something is wrong" when talking about their video system maintenance plan,...
Hikvision OEM Directory on Aug 13, 2019
The Chinese government-owned and US-government banned Hikvision has become the world's largest video surveillance manufacturer and generally hidden...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
US Government Ban of Dahua, Hikvision, Huawei Takes Effect Now on Aug 13, 2019
The 'prohibition on use or procurement' of Dahua, Hikvision and Huawei products and 'essential components' take effect today, August 13, 2019, one...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact