There’s no denying that cyber-crime is one of the biggest threats facing any organisation with the devastating results they can cause painfully explicit. Highly publicised cases stretching from the US government to digital giant Facebook has made tackling cyber security a necessity for all major organisations. The consequences of breaches have just become more severe, with new GDPR rules meaning any security breach, and resultant data loss, could cost your organisation a fine of up to four per cent of global revenue or up to 20 million euros.

Cyber-crime potentially affects every connected network device. In the biggest cyber-crime to date, hackers stole $1 billion from banks around the world, by gaining access to security systems. It’s more important than ever for organisations to be vigilant when it comes to their cyber security strategy.

To help avoid becoming the next victim, I’ve put together a five-point cyber plan to protect your video surveillance system.

1. Elimination of default passwords

A small change to a memorable, complex password could have huge consequences for your business

It is estimated that over 73,000 security cameras are available to view online right now due to default passwords. ‘Password’ and ‘123456’ are among the top five most popular passwords with a staggering 9,000,000 login details matching this description. Guessable passwords create an unsecure security system which can result in an easy way for hackers to gain access to your organisation’s data, making you vulnerable to a breach. A small change to a memorable, complex password could have huge consequences for your business.

Removing default passwords from products and software forces individuals to think of their own to keep their data safe. If a password system is not provided by your organisation we recommend that your password uses two or more types of characters (letters, numbers, symbols) and it is changed periodically.

2. Encrypted firmware

Encrypting firmware is an important part of any organisations overall security system. Firmware can leave an open door, allowing hackers to access your data. All firmware should be encrypted to reduce the possibilities of it being downloaded from the manufacturers website and deconstructed. If the firmware posted is not encrypted, there is a risk of it being analysed by persons with malicious intent, vulnerabilities being detected, and attacks being made. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis

There have been cases where a device is attacked by firmware vulnerabilities even if there are no problems with the user's settings, rendering it inoperable, and DDoS attacks being made on other servers via the device. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis.

There is also a possibility of being attracted to spoofing sites by targeted attack email and firmware being updated with a version that includes a virus, so firmware must always be downloaded from the vendor's page. It may also be advantageous to combine this with an imbedded Linux operating system which removes all unused features of the device, it can help to reduce the chances of malicious entities searching for backdoor entities and inserting codes.

3. Removing vulnerabilities within the operating systems

Vulnerability is the name given for a functional behaviour of a product or online service that violates an implicit or explicit security policy. Vulnerabilities can occur for a number of reasons for example, due to an omission in logic, coding errors or a process failure.

Network attacks exploit vulnerabilities in software coding that maybe unknown to you and the equipment provider. The vulnerability can be exploited by hackers before the vendor becomes aware. You should seek to minimise these issues by looking for a secure operating system which is regularly updated.

Panasonic is taking a number of steps to ensure its consumers remain safe and secure
Panasonic has developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping

As a provider of security solutions, Panasonic is taking a number of steps to ensure its consumers remain safe and secure. We have developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping.

We have combined with a leading provider of highly reliable certificates and technology for detecting and analysing cyber-attacks with its own in-house embedded cryptography technology, to provide a highly secure and robust protection layer for its embedded surveillance products.

4. Avoiding remote login using Telnet or FTP

Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures

Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures. File transfer protocol or transfer through cloud-based services means the files and passwords are not encrypted and can therefore be easily intercepted by hackers. An encrypted software removes the risk of files being sent to the wrong person or forwarded on without your knowledge. Telnet predates FTP and as a result is even less secure.

Hyper Transfer Protocol Secure is a protocol to make secure communications by HTTP, and it makes HTTP communications on secure connections provided by SSL/TLS protocols. The major benefits of using this system is that HTTPS and VPN encrypt the communications path, so data after communications is decrypted and recorded.

If recorded data is leaked, it will be in a state where it can be viewed. With data encryption, however, it remains secure and can even be recoded to storage. Thus, even if the hard drive or SD card is stolen or data on the cloud is leaked, data cannot be viewed.

5. Use of digital certificates

Private and public keys are generated at manufacture in the factory and certificates installed at the factoryDigital certificates are intended to safely store the public key and the owner information of the private key it is paired with. It provides assurance that the accredited data from a third party is true and that the data is not falsified.

It is beneficial for all data to be encrypted with digital certificates. Digital certificates are far safer when issued by a third party rather than creating a self-signed version unless you are 100 percent sure of the receiver identity. From April 2016, some models of Panasonic series iPro cameras come with preinstalled certificates to reduce the risk of interception and the hassle of having to create one.

With i-PRO cameras with Secure function, private and public keys are generated at manufacture in the factory and certificates installed at the factory. As there is no way to obtain the private key from the camera externally, there is no risk of the private key being leaked. Also, certificates are signed by a trusted third party, and the private key used for signing is managed strictly by the authority. In addition, encryption has been cleverly implemented to reduce the usual overhead on the IP stream from 20% to 2%.

Download PDF version

Author profile

Karen Sangha Field Marketing Manager - Security Solutions, Panasonic System Communications Company Europe

In case you missed it

What is the changing role of training in the security industry?
What is the changing role of training in the security industry?

Even the most advanced and sophisticated security systems are limited in their effectiveness by a factor that is common to all systems – the human factor. How effectively integrators install systems and how productively users interface with their systems both depend largely on how well individual people are trained. We asked this week’s Expert Panel Roundtable: What is the changing role of training in the security and video surveillance market?

What is AI Face Search? Benefits over facial recognition systems
What is AI Face Search? Benefits over facial recognition systems

When a child goes missing in a large, crowded mall, we have a panicking mom asking for help from the staff, at least a dozen cameras in the area, and assuming the child has gone missing for only 15 minutes, about 3 hours’ worth of video to look through to find the child. Typical security staff response would be to monitor the video wall while reviewing the footage and making a verbal announcement throughout the mall so the staff can keep an eye out for her. There is no telling how long it will take, while every second feels like hours under pressure. As more time passes, the possible areas where the child can be will widen, it becomes more time-consuming to search manually, and the likelihood of finding the child decreases. What if we can avoid all of that and directly search for that particular girl in less than 1 second? Artificial neural networks are improving every day and now enable us to search for a person across all selected camera streamsWith Artificial Intelligence, we can. Artificial neural networks are improving every day and now enable us to search for a person across all selected camera streams in a fraction of a second, using only one photo of that person. The photo does not even have to be a full frontal, passport-type mugshot; it can be a selfie image of the person at a party, as long as the face is there, the AI can find her and match her face with the hundreds or thousands of faces in the locations of interest. The search result is obtained in nearly real time as she passes by a certain camera. Distinguishing humans from animals and statues The AI system continuously analyses video streams from the surveillance cameras in its network, distinguishes human faces from non-human objects such as statues and animals, and much like a human brain, stores information about those faces in its memory, a mental image of the facial features so to speak. When we, the system user, upload an image of the person of interest to the AI system, the AI detects the face(s) in that image along with their particular features, search its memory for similar faces, and shows us where and when the person has appeared. We are in control of selecting the time period (up to days) and place (cameras) to search, and we can adjust the similarity level, i.e., how much a face matches the uploaded photo, to expand or fine-tune the search result according to our need. Furthermore, because the camera names and time stamps are available, the system can be linked with maps to track and predict the path of the person of interest. AI Face Search is not Face Recognition for two reasons: it protects people’s privacy, and it is lightweight Protecting people’s privacy with AI Face Search  All features of face recognition can be enabled by the system user, such as to notify staff members when a person of interest is approaching the store AI Face Search is not Face Recognition for two reasons: it protects people’s privacy, and it is lightweight. First, with AI Face Search, no names, ID, personal information, or lists of any type are required to be saved in the system. The uploaded image can be erased from the system after use, there is no face database, and all faces in the camera live view can be blurred out post-processing to guarantee GDPR compliance. Second, the lack of a required face database, a live view with frames drawn around the detected faces and constant face matching in the background also significantly reduces the amount of computing resource to process the video stream, hence the lightweight. Face Search versus Face Recognition AI Face Search Face Recognition Quick search for a particular person in video footage Identify everyone in video footage Match detected face(s) in video stream to target face(s) in an uploaded image Match detected face(s) in video stream to a database Do not store faces and names in a database Must have a database with ID info Automatically protect privacy for GDPR compliance in public places May require additional paperwork to comply with privacy regulations Lightweight solution Complex solution for large-scale deployment Main use: locate persons of interest in a large area Main use: identify a person who passes through a checkpoint Of course, all features of face recognition can be enabled by the system user if necessary, such as to notify staff members when a person of interest is approaching the store, but the flexibility to not have such features and to use the search tool as a simple Google-like device particularly for people and images is the advantage of AI Face Search.Because Face Search is not based on face recognition, no faces and name identifications are stored Advantages of AI Face Search Artificial Intelligence has advanced so far in the past few years that its facial understanding capability is equivalent to that of a human. The AI will recognise the person of interest whether he has glasses, wears a hat, is drinking water, or is at an angle away from the camera. In summary, the advantages of Face Search: High efficiency: a target person can be located within a few seconds, which enables fast response time. High performance: high accuracy in a large database and stable performance, much like Google search for text-based queries. Easy setup and usage: AI appliance with the built-in face search engine can be customised to integrate to any existing NVR/VMS/camera system or as a standalone unit depending on the customer’s needs. The simple-to-use interface requires minimal training and no special programming skills. High-cost saving: the time saving and ease of use translate to orders of magnitude less manual effort than traditionally required, which means money saving. Scalability: AI can scale much faster and at a wider scope than human effort. AI performance simply relies on computing resource, and each Face Search appliance typically comes with the optimal hardware for any system size depending on the customer need, which can go up to thousands of cameras. Privacy: AI Face Search is not face recognition. For face recognition, there are privacy laws that limits the usage. Because Face Search is not based on face recognition, no faces and name identifications are stored, so Face Search can be used in many public environments to identify faces against past and real-time video recordings. AI Face Search match detected face(s) in video stream to target face(s) in an uploaded image Common use cases of AI Face Search In addition to the scenario of missing child in a shopping mall, other common use cases for the AI Face Search technology include: Retail management: Search, detect and locate VIP guests in hotels, shopping centres, resorts, etc. to promptly attend to their needs, track their behaviour pattern, and predict locations that they tend to visit. Crime suspect: Quickly search for and prove/disprove the presence of suspects (thief, robber, terrorist, etc.) in an incident at certain locations and time. School campus protection: With the recent increase in number of mass shootings in school campuses, there is a need to identify, locate and stop a weapon carrier on campus as soon as possible before he can start shooting. Face Search will enable the authorities to locate the suspect and trace his movements within seconds using multiple camera feeds from different areas on campus. Only one clear image of the suspect’s face is sufficient. In the race of technology development in response to business needs and security concerns, AI Face Search is a simple, lightweight solution for airports, shopping centres, schools, resorts, etc. to increase our efficiency, minimise manual effort in searching for people when incidents occur on site, and actively prevent potential incidents from occurring. By Paul Sun, CEO of IronYun, and Mai Truong, Marketing Manager of IronYun

What technology will impact security most in the rest of 2018?
What technology will impact security most in the rest of 2018?

Where does the time go? Before you know it, here we are at mid-year reflecting on an eventful first half of 2018 in the physical security market. It’s also a good time for our Expert Panel Roundtable to pause and look ahead at what we might expect in the second half of the year. We asked this week’s Expert Panel Roundtable: What technology development will have the greatest impact in the second half of 2018?