IP cameras for video surveillance has been a trending topic amongst enterprises across the world due to rising concerns for security and safety. IP CCTV cameras are revolutionising security measures, and technology has evolved to allow for a more diverse security monitoring system through high resolution, larger digital storage options and compatibility for integrated analytical software.

According to Global CCTV Market Forecast 2022, analysts expect the market for global CCTV to grow at a CAGR of around 11% during 2018-2022. 

Clearly, a successful hack of an enterprise security camera system could lead to a range of implications. Amongst the main ones is unauthorised access to video and audio streams of data, as well as to the archive, violation of confidentiality, HIPPA, PII and potential leaks of personal and corporate information, possible copying, unauthorised distribution and duplication of such data.

“Most Enterprise video surveillance systems are vulnerable to hackers. According to our studies, more than half of companies and organisations, both large and small, do not take sufficient precautions when it comes to preventing their security cameras from being hacked. Be it ignorance or just careless approach to security of their network in general, the results of hacking can be disastrous,” says Chris Ciabarra, the CTO and co-founder of Athena Security.

With the increasing number of surveillance cameras installed in homes, offices and public places, hacking incidents related to these devices happen more and more often. 

The ease of hacking surveillance cameras

It’s not a secret that surveillance cameras, like many other Internet of things (IoT) devices, are full of vulnerabilities that can be exploited by hackers. 

A hacker can find hundreds of potentially vulnerable IoT devices to hack into

Cameras, just like all other devices connected to the Internet, have IP addresses that are easy to find using Shodan, a search engine for Internet-connected devices. With this simple tool, a hacker can find hundreds of potentially vulnerable IoT devices to hack into, including cameras, especially when most companies use default passwords. 

The solution

Below are basic recommendations on how to protect your camera network, and what actions you should take to minimise the chance of hacking.

  • Change the default username and password 

You should start by changing the default password and username of your camera network. Even though this may seem obvious, not everyone does it, practically leaving the door for hackers wide open. 

Use a strong password that is hard to guess. When setting up the password use numbers, symbols, both uppercase and lowercase letters. Do not use simple and commonly used passwords, such as the ones in SplashData's list of 100 worst passwords of the year.

Do not use the same password you are already using for other online accounts. According to a recent survey on data privacy conducted in May 2019, 13% of respondents with at least one online account say they use the same password for all their accounts. Using a password manager to generate a strong random password may be a good idea. 

  • Update your camera firmware regularly

Keeping cameras firmware up-to-date is very important as it allows you to prevent hackers from exploiting vulnerabilities and bugs that are already patched by manufacturers in a new firmware update. 

Despite the fact that most modern cameras will automatically download and install firmware updates, some require the user to check for updates and install them. 

  • Set up two-factor authentication 

Set up the two-factor authentication if your cameras support it. With two-factor authentication on, the camera manufacturer will send you a randomly generated passcode via text message or phone call, as an addition to username and password, during each log in to the account. Two-factor authentication prevents hackers from accessing the camera system even if they were able to crack username and password. 

Not all surveillance camera systems support two-factor authentication, though. 

Technical recommendations

  • Prevent cameras from sending information to third parties

Companies that use surveillance cameras very often do not put enough effort into protecting their cameras and the data they transmit, despite the fact that this footage is of great importance to many people.

The firmware of most cameras from different manufacturers is programmed in a way to keep a connection with the manufacturer’s server without knowledge of the end-user. Most users, both private and corporate, are not aware of this and therefore do not take any steps to protect themselves from this potential vulnerability, which could result in footage leak to a third party or a successful hacker attack.

To prevent your camera network from transmitting, the following steps should be taken.

Step 1: Statically assign an IP address

Statically assign IP address for each camera, subnet mask and leave gateway blank or, if this is allowed in gateway fields to be entered. If the firmware does not allow blank or 127 subnets, just point gateway to an unused dedicated IP address.  

This way, cameras will not be able to send the information off the local company network.

Step 2: Assign DNS servers

Assign DNS servers that are local to cameras and force only your domain to be present with zero forwarding DNS servers. 

This way, if a camera tries to do name resolution, it will come up blank. Not being able to find the IP address of the main server (mother ship), cameras won’t be able to connect to it.   

To stay safe you can order your own DNS servers, locked down to your addresses only.

  • Block your camera network’s access to the Internet 

Blocking your camera network’s access to the Internet is a good way to make sure hackers won’t be able to get access to the footage and other confidential data. Any dual-homed system touching your camera network should be blocked from Internet access. This way all systems in the same subnet won’t have access to the Internet from that box.

Always use DNS because firewall rules tend to be easy to hack, while DNS that is internal is not expected and stops systems from resolving names you do not wish to be translated, like talking back to the mothership of a bad program. 

  • Monitor your system for traffic spikes 

One of the tricky things about hacker attacks is that there are no warnings. In most cases hackers would penetrate your system without any signs or symptoms of an attack, and it isn’t until you face consequences (like leaked footage or hackers manipulating cameras) when you realise something is wrong. It may be days or even months between the hacker attack and the time you realise the system has been compromised. 

Monitoring dual-homed systems for bandwidth spikes could be a good way to spot a hack resulting in the leakage of confidential data like images or video. There are a number of traffic monitoring tools available to private and corporate users that can manage and sniff the network or just monitor them.

  • Facial blur in archived footage 

Blurring people’s faces when archiving in surveillance camera video streams is a great tool, allowing you to comply with privacy laws and make the footage useless to hackers even if they manage to successfully hack your system.

These recommendations will allow you to lower the risk of hackers breaking into your security camera network, detect the hack if it has occurred already, and to protect yourself from possible consequences if camera footage was stolen.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Christopher Ciabarra CTO, Athena Security, Inc.

Chris is a serial entrepreneur and security expert with over 20 years experience using technology to detect and prevent threats. He has dedicated his career to building proactive solutions to security threats. He is an anti-hacking expert who pioneered network security solutions during the dot-com boom, and mobile payment security during the rise of mobile computing. Chris is an award-winning innovator, published author, and member of the Forbes Technology Council. But above all he is an inventor dedicated to making the world a better place.

From 2010 – 2017 he co-founded and was the CTO of Revel Systems, helping grow it from 0 to 800 employees and a $500 million evaluation. Chris developed the technology behind the company’s iPad point-of-sale system. When everyone said it was impossible, Chris made it happen. Chris also designed Athena to create a safer world - one where real threats are quickly identified and neutralised, and where the innocent wouldn’t be profiled as a threat without just cause. 

Christopher is also a certified Thermographer, which is the study of infrared devices and how they work and should be operated.

In case you missed it

What are the latest trends in perimeter security technology?
What are the latest trends in perimeter security technology?

Perimeter security is the first line of defence against intruders entering a business or premises. Traditionally associated with low-tech options such as fencing, the field of perimeter security has expanded in recent years and now encompasses a range of high-tech options. We asked this week’s Expert Panel Roundtable: What are the latest trends in perimeter security technology?

Secure access control is helping to shape the post-pandemic world
Secure access control is helping to shape the post-pandemic world

With the continued rolling back of COVID restrictions in the UK, there is a palpable sense of relief. A mixture of mass vaccinations, widespread testing, and track and tracing of the infection is helping to enable a healthy bounce back for businesses – with secure access control taking an important role in facilitating this. However, rather than just being a reaction to the wake of the pandemic, there is every sign that the economy, and consequently the security sector as well, are both rebuilding and reshaping for the long-term new normal. Prioritising Safety Already deemed an essential service even during the first wave of the pandemic, the security industry has of course taken a vital role in protecting people and property throughout the crisis. Now that venues in the UK are starting to reopen again, our services are key to occupancy management and ensuring that disease transmission is limited as far as possible. Access control is also key in reassuring people that their safety is a priority. Making the upgrade It’s all been about choosing the most suitable components and technology that already existed with a few “tweaks”  Businesses and organisations have a duty of care to their employees and the safety of visitors – so controlling access, employing lateral flow testing, and deploying suitable Track & Trace mechanisms are all key components. I think those outside our industry are surprised to learn that most of the technology being deployed and used hasn’t just magically developed since COVID appeared – it’s all been about choosing the most suitable components and technology that already existed albeit with a few development “tweaks” or adjustments for the situation at hand. This includes using or installing facial recognition readers rather than using fingerprint or contact tokens, it is swapping to automatic request to exit sensors instead of buttons; it is using powered secure doors rather than having people all grab the same handle. Using mobile credentials is also a key technology choice – why not use the highly secure, easy to manage, cost-effective, and of course contact-free benefits of this approach? Touchless solutions We have seen a clear shift in organisations looking to protect their staff and visitors. For instance, we have a big utility customer in Southeast Asia that has just replaced close to 200 sites using fingerprint readers with an additional facial recognition capability. We have also seen a big rise in demand for touchless request to exit sensors and Bluetooth Low Energy Readers for use with smartphone authentication. Working together Integration of security systems is of course nothing new, but in the post-pandemic or endemic age, it has perhaps never been more important. Installations need to be simple, straightforward, and rapid to help maintain safe distancing but also to ensure systems can be deployed as soon as they are needed. The world is changing and developing rapidly and there is simply no place for systems that don’t work with others or cause the end-user considerable cost and inconvenience to upgrade. This flexible delivery of security solutions perfectly matches the evolving and increasing demands of the market. It’s clear that end-users want systems that work well and can easily integrate with their existing systems – not only security but all the other business components which work in unison with each other over a shared network. Great opportunities ahead The recent work-from-home trend is also clearly changing the way organisations and businesses interact with the built environment. Lots of companies are downsizing, offices are being split up, there is lots of revitalisation and reuse of existing office space – all of which creates considerable opportunities for security providers. UK inflation more than doubled in April 2021 with unemployment figures dropping and the Pound rising in value There are also, in the UK at least, clear signs that the construction industry is rapidly growing again -with a forecast of 8% rebound and growth this year. UK inflation more than doubled in April 2021 with unemployment figures dropping and the Pound rising in value – all positive signs for UK-based security providers. Undoubtedly the highly successful UK vaccination rollout has helped considerably, but there are signs that the Eurozone looks set to improve considerably over the next few months as well. Using integrated access control Undoubtedly the pandemic has made security markets around the world more aware of the benefits of integrated access control in managing the needs of the new normal COVID endemic environment. For example, as a business, we have always had keen interest from the UK healthcare sector, but over the last 12 months, we have seen a big growth in previously modest international markets including Morocco, Kuwait, Bahrain, Thailand, Singapore, Hong Kong, and Thailand – all of which are very keen to adopt improved access control solutions. Learning the lessons Nobody would deny the last year or so has been unprecedentedly tough on everyone, as a society we have had to make huge changes and sacrifices. Governments, organisations, and businesses all need to be better prepared in the future, to understand the things that went wrong and those that were successful. However, there is a world beyond the immediate pandemic and its effects. Flexible working practices and the changes these will have to the way we live and work will undoubtedly present great opportunities for the security sector in helping the world evolve. The pandemic has been a wake-up call for many organisations with regards to their duty of care to employees – particularly when it comes to mental health and providing a sensible work/life balance. Where we work and the safety of these facilities has received far more scrutiny than before. Flexible security systems Integrated security solutions have a vital role to play in not only protecting the safety of people during the post-lockdown return to work but also in the evolution of the built environment and move towards smart cities - which inevitably will now need to consider greater flexibility in securing home working spaces rather than just traditional places of work. Importantly, powerful access control and integrated security systems need to be flexible to the uncertainties ahead. The COVID pandemic has shown that nothing can be considered certain, except the need for greater flexibility and resilience in the way we operate our professional and personal interactions.

Which security technologies will be useful in a post-pandemic world?
Which security technologies will be useful in a post-pandemic world?

In the past few weeks, the light at the end of the COVID-19 tunnel has brightened, providing new levels of hope that the worst of the pandemic is behind us. Dare we now consider what life will be like after the pandemic is over? Considering the possible impact on our industry, we asked this week’s Expert Panel Roundtable: Which security technologies will be most useful in a post-pandemic world?