Locking Down IP Cameras

March 14, 2016
Best practices for keeping your customers' network surveillance safe from hackers

Shortly after the first computer was connected to a larger network that linked it with other machines outside of a single office or building, hackers began their continued attempts to access data from connected computers, at first exploring out of curiosity but now more often for criminal purposes.

Today, these attacks have become more sophisticated and far-reaching with often disastrous results for organizations whose networks have been breached and the people whose information has been stolen.

Computers and servers are the most obvious targets for an attack, but they are hardly the only options anymore. The movement toward connecting more and more embedded devices to a network — the Internet of Things — has brought a higher level of convenience to our everyday lives, but at the same time, it has also increased the risk and changed the nature of breaches as old familiar devices and the networked world collide.

Each networked “embedded” device is a miniature computer complete with passwords, security configuration settings, and vulnerabilities just like the servers and workstations that are customary on networks. While they are deployed for the purpose of increasing physical security, IP cameras are by no means immune to attack. Hackers see a camera as simply another networked device, and therefore another potential attack point — one with which they have had some success recently.

Poorly configured devices can provide an attacker with a foothold on a network that can be used to attack other systems, or it may be useful for the data it generates or the access it provides.

The main reasons IP cameras are vulnerable boil down to human factors — misconfiguration, user error, etc.; or the technology, such as design flaws with the camera or its firmware.

Cameras Are an Attractive Target

Like any networked device, should a camera be breached, it could offer a hacker access to view all networked cameras within the surveillance system and could enable someone to take control of that system as well.

Hacked cameras can be used to observe sensitive information or activities within a facility, like the guard procedures and schedules, in order to allow for later physical infiltration of the facility. Many cameras are also equipped with microphones, opening the door to direct eavesdropping on sensitive conversations.

With both physical and information security becoming more closely intertwined with overall operations, there is also a very real possibility of someone accessing the corporate network, where sensitive — and very valuable — information is stored.

Hackers are continually employing more sophisticated methods to circumvent information security, meaning organizations must stay a step ahead of these efforts. With respect to IP cameras, the security installer or integrator is depended on by many end-users to ensure that these devices offer the appropriate level of security to prevent them from being used to breach the network.

Beyond that, cameras are often considered a sort of “set it and forget it” device that rarely gets maintenance attention.

There are a number of technology-based solutions designed to provide protection against attacks, but simply adding technology to the mix to mask potential vulnerabilities is not the best answer to this problem. Rather, the best approach consists of a combination of technology and the human element, including best practices and installation techniques.

Default Passwords and Settings

With this in mind, what can security integrators do to decrease the likelihood of someone being able to hack into IP cameras? For starters, change the default password.

There are a number of websites that list the default passwords for most IP cameras — both consumer and commercial grade. Other security settings, such as encryption or remote access, are often set to a more insecure state by default to make “plug-and-play” installation easier for the technologically unsophisticated user. These settings also leave devices exposed to savvy attackers who can manipulate network traffic.

It is amazing and appalling to know just how many IP cameras have been deployed with their default settings, essentially broadcasting to anyone with the time or inclination to access them. Estimates put this number in the hundreds of thousands — which is significant considering how recent the move to IP cameras is and how rapidly they are now being deployed.

Firmware Updates

Simply changing the passwords and settings may not be enough, as many cameras will still be vulnerable. Hackers have been successful at finding and exploiting bugs in the camera’s software that allow them to bypass authentication and access the device.

In many cases, the manufacturer had already identified and provided a patch to close these vulnerabilities, but the firmware in many of the cameras has not been updated. Unfortunately, this happens all too often, leaving your customers unnecessarily exposed to the threat of attack.

End-users often do not know how to update their devices, don’t think to do it, or simply lack the time to update their firmware, which might be an opportunity for integrators to promote a service and maintenance plan.  

Network Segmentation

Ideally, cameras should not be exposed to the Internet or any other external networks, but they often are. Exposing devices to the Internet makes it easy for an attacker to find them and exploit vulnerabilities. Search engines like Shodan (http://shodan.io) index devices connected to the Internet, and all it takes for just about anyone to find and view these vulnerable cameras is a simple search based on the camera’s make, model or version.

Even within a network, isolating internal networks used for operations or other critical activities from the security surveillance system network is essential to limit the spread of a potential attack — protecting internal systems from each other. Keeping these two functions on separate, isolated segments of the overall network ensures that even if a camera is hacked, it will not serve as an easy gateway to access the entire network, especially sensitive operations data, or that other compromised systems will not provide a gateway to the cameras.

These issues are all especially a concern in a small business environment or where cameras are managed by physical facility personnel, who tend to be less aware of these types of network threats than a dedicated IT security team. In these cases, it is incumbent upon the integrator to deploy cameras in a secure manner, with strong passwords and security settings, while monitoring and tracking known software vulnerabilities to ensure that customers’ cameras are up to date with the latest firmware updates and security patches as soon as they are released.

Keep Informed

Two unfortunate realities are that attacks are common and that these activities will continue to plague any device or system that is connected to a network, including IP security cameras.

It is critical to recognize that given the ever-evolving methods and technologies used by hackers, no one can guarantee that all potential breaches will be avoided. In addition to the best practices outlined here, it is importnat that these physical surveillance devices are themselves subject to network surveillance in order to detect potential attacks.

It is also critical to keep informed from your manufacturer partners. While hackers are always working to find new ways into networks as old flaws are fixed, manufacturers and others are continually working on making more secure products and quickly developing patches for any vulnerabilities — something integrators must be informed of in a timely manner.

Christopher Camejo is Director of Threat and Vulnerability Analysis for NTT Com Security. Request more info about the company by visiting www.securityinfowatch.com/12135340