Stopping Surveillance 'Videojacking'

Author: John Honovich, Published on Feb 16, 2011

A rising fear among security professionals is that surveillance video can be 'hijacked' and put on the Internet, resulting in embarassment or worse for the organization involved. A number of people are calling for more sophisticated and secure techniques to protect surveillance video. Unfortunately, such techniques do little to address the real risk and key threats to surveillance video.

A good example of the common but faulty recommendations offered can be found in a Feb 2011 Retail Solutions Online article where end to end encryption from the camera through the monitoring client is advocated. While this is technically possible (in at least some systems) and may be important for proving the validity of evidence in court, it does little to address the threat of videojacking.

Most of the videos that are embarassing or hurting organizations are coming via mobile phones - either directly recording an incident (e.g., the Seattle police fight) or by filming the screen of a computer playing surveillance video (e.g., the Pennsylvania fountain case). Phones provide an easy and quick way to capture and share surveillance video.

Phones are a much more dangerous threat towards sharing surveillance video than hackers. With phones, there's no need to be a technology expert or network hacker to access the video. Just be inside the premises or the security monitoring center and click record on your phone. By contrast, hacking surveillance systems is a lot of work for relatively little gain compared to what else one can access on a corporate network (see our review/discussion on Is Hacking IP Cameras a Major Risk?).

To stop misuse of phones, we see 2 fundamental options:

  • Physically restrict people from having phones in areas where there is surveillance
  • Strengthen access control to video surveillance systems

The first option is generally not feasible unless you are in a maximum security area. As such, the second option, controlling access to surveillance systems is key. Many users leave their surveillance monitoring stations on all day. While this increases convenience and is often important to let people quickly look in on what's happening in a facility, unrestricted access means that someone with a phone can capture surveillance video in a minute. 

Tactics to restrict access include limiting the rights of operators to access recorded video and automatically timing out users after inactivity. Equally important and very basic, in surveillance, too often users share common username/passwords ('guard' and 'guard' or 'admin' or 'admin'). This makes auditing extremely difficult while increasing the chance that unwanted people access the system.

Because of mobile phones, stopping videojacking will not be easy. The most practical way to impact this is through improved access control to video, not encryption.

1 report cite this report:

Wireless Video Surveillance Hijacking Threat on Mar 25, 2011
An Australian investigative report is highlighting the risk that video surveillance systems face from wireless hijacking. In this note, we examine...
Comments : PRO Members only. Login. or Join.

Related Reports

"New Zealand Govt Uses Chinese Cameras Banned In US", Considers Security Audit on Oct 12, 2018
Newsroom NZ has issued a report: "NZ Govt uses Chinese cameras banned in US": This comes after the US federal government banned purchases of...
Security System Health Monitoring Usage Statistics 2018 on Oct 09, 2018
How well and quickly do integrators know if devices are offline or broken? New IPVM statistics show that typically no health monitoring is...
China Hacks Video Servers Causing Uproar on Oct 05, 2018
An incident causing an international uproar is hitting home in the video surveillance industry as a Bloomberg report, "The Big Hack: How China...
Fall 2018 New Products Directory on Oct 03, 2018
Fall 2018 New Products Directory We have compiled a directory of new products released fall 2018, or at least since our Spring 2018 Directory. The...
Genetec Takes Aim At 'Untrustworthy' 'Foreign Government-Owned Vendors' on Sep 24, 2018
Genetec is taking aim at 'untrustworthy' 'foreign government-owned vendors'. This is not a new theme for Genetec as nearly 2 years ago, Genetec...
Alexa Guard Expands Amazon's Security Offerings, Boosts ADT's Stock on Sep 21, 2018
Amazon is expanding their security offerings yet again, this time with Alexa Guard that delivers security audio analytics and a virtual "Fake...
Central Stations Face Off Against NFPA On Fire Monitoring on Sep 18, 2018
Central stations are facing off against the NFPA over what they call anti-competitive language in NFPA 72, the standard that covers fire alarms....
European Mega Security Firm Verisure Pushing Security Fog on Sep 17, 2018
The European mega security firm Verisure (Securitas Direct), with a reported 2 million customers, is pushing security fog, as shown in this BBC...
Stanley Security Acquires 3xLogic, Kushner Becomes Product President on Sep 10, 2018
Stanley Security acquired 3xLogic a few months ago. However, the company has still not officially publicly announced it, leading many to wonder...
Dell Launches IoT for Surveillance on Sep 05, 2018
Historically, Dell has been a PC and server provider (e.g., "Dude, you're getting a Dell") and widely used for surveillance storage. However, in...

Most Recent Industry Reports

Knightscope Winning Investors, Struggling With Growth on Oct 16, 2018
While Knightscope's new financials show the company only winning 11 new customers in the past 12 months, the company continues to win new...
Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Huawei Admits AI "Bubble" on Oct 16, 2018
A fascinating article from the Chinese government's Global Times: Huawei’s AI ambition to reshape industries. While the Global Times talks about...
ADI's Financials Revealed + W-Box Growth Priority on Oct 15, 2018
  ADI is one of the most powerful distributors in the security industry but how big are they? How much profit do they make? How much do they sell...
Amazon Touts Home Security Market Disruption on Oct 15, 2018
Amazon is coming for ADT and all of home security. Indeed, Amazon is advertising this as, in their own words, calling home security a: Inside...
Higher Power PoE 802.3bt Ratified, Impact on Security Products Examined on Oct 12, 2018
Power over Ethernet has become one of the most popular features of many video, access, and other security products. See our PoE for IP Video...
"New Zealand Govt Uses Chinese Cameras Banned In US", Considers Security Audit on Oct 12, 2018
Newsroom NZ has issued a report: "NZ Govt uses Chinese cameras banned in US": This comes after the US federal government banned purchases of...
Mysterious Patent Troll 'Secure Cam' Targets Industry, Sues Hanwha, Hikvison, JCI, Panasonic, More on Oct 11, 2018
A company named "Secure Cam," who is actively hiding their ownership, has acquired a slew of video patents and is systematically suing video...
Unfixed Critical Vulnerability In Millions of XiongMai Devices Disclosed on Oct 10, 2018
XiongMai, one of the biggest OEMs alongside Dahua and Hikvision, has suffered a critical vulnerability impacting millions of their devices. This...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact