Security cameras are not as secure as we even thought. Up to 18 popular camera brands have been discovered to have defects in their security, not even mentioning almost 5,800 unprotected security cameras that are visible to almost everyone out there.
The pervalent flaw was discovered by a security firm known as Rapid7 after reading an article posted by a blogger, SomeLuser, explaining in detains the failure of a certain swann company. Infact, the said defect permits anyone connected to a specific port complete access to the DVR functions of the camera. This security company then tried the same trick used on swann on other big camera companies and came up with names of susceptible manufacturers:
Lorex, URMET, swann, Kguard, Defender, DSP cop, SVAT, Zmodo, BCS, Bolide, Eyeforce, Atlantis, Greatek, J2000, Hi-view, Protectron and Soyo.
The defects have been tested only by scanning their code, not by spying, but Rapid7 is so sure that it would definitely work on the named companies system cameras. Anyone who has a security camera manufactured by any of the named companies would have a firmware update to address the flaw.
For a while now, we’ve known about unsecured net connected gear particularly security cameras. It became known last summer that three very popular manufacturers were susceptible to that kind of attack, there is even a guide to check on a couple of unsecured feeds. Not mentioning the countless unprotected printers all over the world that could just start printing anything at any time.
This is deeply concerning but just one more step down the path we are trailing.
In a world where surveillance cameras exists everywhere, chances of being watched somewhere by someone is very high. Just that the watcher might not be who you even think.
Three popular brands of close circuit television(CCTV) also known as security cameras comes with remote internet access that is enabled automatically, and with a password that is not strong-a perfect formula for security failure that could enable hackers to tap into the video feeds, new research reveals.
The cameras used in banking halls, supermarkets, hotels,hospitals and so on are designed in an insecure way- many thanks to default settings from the company, according to a senior security engineer at Gothan digital science, Justin Cacak. As a result of this, he claims hackers can take charge of the systems to have access to live footage or archived ones or control the angle and zoom of cameras that could be adjusted.
“These devices can be viewed from anywhere”, cacak said, stating that he and his team viewed video footage showing how security guards were changing rounds in facilities, “highly interesting and clear footage”,from CCTV placed in elevators, and also footage capture by a high powered camera fixed in a college campus, which had access into the inside of the colleges dormitory rooms. Cacak and his security team viewed the footages because of the tests they were conducting on behalf of their clients to discover security weaknesses in their networks. His team found over 1,000 CCTV cameras that were open to the internet and thus vulnerable to sudden compromise, as a result of fundamental weaknesses in the systems and the companies tendency to design them insecurely.
The fundamental weaknesses, he said, can be found in like three major of makers of standalone CCTV systems that he examined with his researchers- MicroDigital, HIKVISION, CTring and quite a number of other companies that sells rebranded versions of the systems.
CCTV video cameras are situated at strategic points in sensitive facilities such as server rooms, bank vaults, research labs and areas housing expensive equipments.
Also, the cameras are fixed on ceilings, walls and also be kept hidden to keep an eye on employees and others without them knowing.
Gaining unapproved access to such systems could make thieves have a view of the facility before breaking in, change the position of the cameras from where they don’t want to be seen or zoom in on important papers or products type at a workstation. The cameras can also be used to secretly view hospitals, restaurants and others to spot important personalities and others who visit the place.
One easy feature in many CCTV systems is the remote access capability which enables security officials view video feeds and control the cameras on the internet with computers or phones. But it also makes the systems susceptible to hackers from outside especially if they are not configured securely. If upon purchase, this feature has been enabled, clients may not know that they are supposed to take extra steps to secure the systems.
“All the systems we found have default enabled remote access feature”, cacak says. “Not all customers know this…because these video feeds are mostly viewed on console screens, so they may not know that they can be accessed remotely.
The fact that the system comes with default passwords that could be known easily by anyone adds more to the problem as these passwords are often not changed by customers. They also do not bar a user from trying further after a certain number of incorrect password guesses. This shows that if a customer creates another password, a hacker can still crack in forcefully.
Cacak and his team discovered that on most of the systems they found, the default password was either “1234” or “1111” while the username was either “admin” or “user”.
“We realized 70 percent of users did not change the default passwords”, cacak said.
Most of these customers do not limit access to computers from trusted networks, neither do they keep record of who is accessing their system, so they really cannot know if an attacker is viewing their video footage from outside.
In a bid to help companies to know if their security cameras are susceptible to attack or not, cacak and his team worked with Rapid7 to create a program for its Metasploit software focusing CCTV systems designed by MicroDigital, HIVISION and CTring or sold by other companies with a different name. Metasploit is a trial tool used by security personnels to know if their systems are susceptible to attack, but hackers also use it to know weak systems.
The program can be used to know if a certain user account, such as “admin” is existing on a targeted CCTV, and it can also be used to conduct log-in attempts automatically with the use of known default passwords, brutally crack passwords on system using unknown passwords, view live and recoreded footage, and redirect adjustable cameras. The chief security personnel at Rapid7, HD Moore said they’ve started work on a scanner program that will help find CCTV systems that are connected to the internet.
Earlier in the year, Mr moore and one other researcher from Rapid7 discovered similar weaknesses in video-conferencing systems. They discovered that they were able to access conference rooms of some major oil, law and pharmaceutical firms in the country and even Goldman sachs’ boardroom- by simply calling in to unprotected video conferencing systems they found by scanning the internet.
They were able to hear everything being discussed in meetings, change position of camera around rooms and also zoom in to read information on important documents.