Articles by Christopher Ciabarra
IP cameras for video surveillance have been a trending topic amongst enterprises across the world due to rising concerns for security and safety. IP CCTV cameras are revolutionising security measures, and technology has evolved to allow for a more diverse security monitoring system through high resolution, larger digital storage options and compatibility for integrated analytical software. According to Global CCTV Market Forecast 2022, analysts expect the market for global CCTV to grow at a CAGR of around 11% during 2018-2022.

Clearly, a successful hack of an enterprise security camera system could lead to a range of implications. Amongst the main ones are unauthorised access to video and audio streams of data, as well as to the archive; violation of confidentiality, HIPAA and PII; and potential leaks of personal and corporate information, with possible copying, unauthorised distribution and duplication of such data.

“Most Enterprise video surveillance systems are vulnerable to hackers. According to our studies, more than half of companies and organisations, both large and small, do not take sufficient precautions when it comes to preventing their security cameras from being hacked. Be it ignorance or just a careless approach to security of their network in general, the results of hacking can be disastrous,” says Chris Ciabarra, the CTO and co-founder of Athena Security.

With the increasing number of surveillance cameras installed in homes, offices and public places, hacking incidents related to these devices happen more and more often.

The ease of hacking surveillance cameras

It’s not a secret that surveillance cameras, like many other Internet of things (IoT) devices, are full of vulnerabilities that can be exploited by hackers.

Cameras, just like all other devices connected to the Internet, have IP addresses that are easy to find using Shodan, a search engine for Internet-connected devices.
With this simple tool, a hacker can find hundreds of potentially vulnerable IoT devices to hack into, including cameras, especially when most companies use default passwords.

The solution

Below are basic recommendations on how to protect your camera network, and what actions you should take to minimise the chance of hacking.

Change the default username and password

You should start by changing the default password and username of your camera network. Even though this may seem obvious, not everyone does it, practically leaving the door wide open for hackers. Use a strong password that is hard to guess. When setting up the password, use numbers, symbols, and both uppercase and lowercase letters. Do not use simple and commonly used passwords, such as the ones in SplashData's list of 100 worst passwords of the year.

Do not use the same password you are already using for other online accounts. According to a recent survey on data privacy conducted in May 2019, 13% of respondents with at least one online account say they use the same password for all their accounts. Using a password manager to generate a strong random password may be a good idea.

Update your camera firmware regularly

Keeping camera firmware up to date is very important, as it prevents hackers from exploiting vulnerabilities and bugs that manufacturers have already patched in a new firmware update. Although most modern cameras will automatically download and install firmware updates, some require the user to check for updates and install them.

Set up two-factor authentication

Set up two-factor authentication if your cameras support it. With two-factor authentication on, the camera manufacturer will send you a randomly generated passcode via text message or phone call, in addition to the username and password, during each log in to the account. Two-factor authentication prevents hackers from accessing the camera system even if they were able to crack the username and password.
Not all surveillance camera systems support two-factor authentication, though.

Technical recommendations

Prevent cameras from sending information to third parties

Companies that use surveillance cameras very often do not put enough effort into protecting their cameras and the data they transmit, despite the fact that this footage is of great importance to many people. The firmware of most cameras from different manufacturers is programmed to keep a connection with the manufacturer’s server without the knowledge of the end-user. Most users, both private and corporate, are not aware of this and therefore do not take any steps to protect themselves from this potential vulnerability, which could result in a footage leak to a third party or a successful hacker attack. To prevent your camera network from transmitting, the following steps should be taken.

Step 1: Statically assign an IP address

Statically assign an IP address and subnet mask for each camera, and leave the gateway blank or set it to 127.0.0.1, if the gateway field allows this to be entered. If the firmware does not allow a blank gateway or a 127 address, just point the gateway to an unused dedicated IP address. This way, cameras will not be able to send information off the local company network.

Step 2: Assign DNS servers

Assign DNS servers that are local to the cameras, and force only your domain to be present on them, with zero forwarding DNS servers. This way, if a camera tries to do name resolution, it will come up blank. Not being able to find the IP address of the main server (mother ship), cameras won’t be able to connect to it. To stay safe you can order your own DNS servers, locked down to your addresses only.

Block your camera network’s access to the Internet

Blocking your camera network’s access to the Internet is a good way to make sure hackers won’t be able to get access to the footage and other confidential data. Any dual-homed system touching your camera network should be blocked from Internet access.
This way all systems in the same subnet won’t have access to the Internet from that box. Always use DNS, because firewall rules tend to be easy to hack, while internal DNS is not expected and stops systems from resolving names you do not wish to be translated, such as a bad program talking back to its mothership.

Monitor your system for traffic spikes

One of the tricky things about hacker attacks is that there are no warnings. In most cases hackers would penetrate your system without any signs or symptoms of an attack, and it isn’t until you face consequences (like leaked footage or hackers manipulating cameras) that you realise something is wrong. It may be days or even months between the hacker attack and the time you realise the system has been compromised.

Monitoring dual-homed systems for bandwidth spikes could be a good way to spot a hack resulting in the leakage of confidential data like images or video. There are a number of traffic monitoring tools available to private and corporate users that can manage and sniff the network or just monitor it.

Facial blur in archived footage

Blurring people’s faces when archiving surveillance camera video streams is a great tool, allowing you to comply with privacy laws and make the footage useless to hackers even if they manage to successfully hack your system.

These recommendations will allow you to lower the risk of hackers breaking into your security camera network, to detect a hack if it has already occurred, and to protect yourself from possible consequences if camera footage was stolen.
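Once Step 2 is in place, the local DNS server's query log shows which cameras are still trying to look up an outside server, and whether any such lookup still succeeds because a forwarder was left configured. The following is an added example, not part of the original article: the log format, the zone name cams.example.internal, the 10.20.0.0/24 camera subnet and all hostnames are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in a simplified format (not any real resolver's log output).
SAMPLE_LOG = [
    "2024-05-01T10:00:01 client=10.20.0.11 query=nvr.cams.example.internal type=A rcode=NOERROR",
    "2024-05-01T10:00:05 client=10.20.0.12 query=cloud.vendor.example type=A rcode=NXDOMAIN",
    "2024-05-01T10:05:05 client=10.20.0.12 query=Cloud.Vendor.example. type=A rcode=NXDOMAIN",
    "2024-05-01T10:06:00 client=10.20.0.13 query=ntp.vendor.example type=A rcode=NOERROR",
    "2024-05-01T10:07:00 client=10.20.0.11 query=cams.example.internal.vendor.example type=A rcode=NXDOMAIN",
    "2024-05-01T10:08:00 client=10.30.0.5 query=www.example.com type=A rcode=NOERROR",
]
LINE_RE = re.compile(r"client=(?P<client>\S+) query=(?P<name>\S+) type=\S+ rcode=(?P<rcode>\S+)")


def in_zone(name, zone):
    """True only for the zone itself or a label-aligned subdomain of it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def phone_home_report(lines, camera_net, local_zone):
    """Per camera, count outside-zone lookups that came up blank vs. still resolved."""
    net = ipaddress.ip_network(camera_net)
    report = defaultdict(lambda: {"blocked": Counter(), "resolved": Counter()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query record
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # malformed client field
        if client not in net or in_zone(m["name"], local_zone):
            continue  # not a camera, or a lookup inside your own domain
        # Assumption: the log records NOERROR only when an answer was returned.
        bucket = "resolved" if m["rcode"] == "NOERROR" else "blocked"
        report[str(client)][bucket][m["name"].rstrip(".").lower()] += 1
    return {cam: {k: dict(v) for k, v in b.items()} for cam, b in report.items()}


if __name__ == "__main__":
    for cam, b in phone_home_report(SAMPLE_LOG, "10.20.0.0/24", "cams.example.internal").items():
        print(cam, "blocked:", b["blocked"], "STILL RESOLVING:", b["resolved"])
```

Any entry under "resolved" means the DNS server is still forwarding and Step 2 is not fully applied. Firmware that connects to a hard-coded IP address makes no DNS query and will not appear in this report; the gateway setting from Step 1 is what covers that case.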
There are many companies jumping into selling temperature detection systems to the state, local governments, hospitals, airports and local businesses, but do they know how to drive one? Anyone can get behind the wheel of a car and drive it into a wall by accident. The same can happen with a temperature detection system.

The first thing you should ask is “does my firm have a certified thermographer?”. If not, the firm is at risk of getting a low quality system that is being resold to make quick cash. Businesses that are doing this do not know how to operate it properly.

Asking the right questions

Secondly, you should ask whether the system is NDAA compliant. NDAA compliance means that your temperature detection equipment is protected by U.S. law.

Does your system have a HSRP device (blackbody)? HSRP (Heat Source Reference Point) is a device that will allow the camera to detect the correct temperature at a distance. Even if the room temperature does change throughout the day, treat it as a reference point for the camera to know the temperature at that distance.

Can your system scan multiple people at once?

This is a bad question, but it is often asked, since most systems will say yes. For ease, everyone wants to scan many people at once, but the best practice according to FDA and CDC guidelines is to run one person at a time for best accuracy. Why? The HSRP (blackbody) device tells the camera what the correct temperature is at a given distance away from the camera. For every foot you are away from the HSRP device, the reading will be off by roughly 0.1 degrees. If you are in a room full of people, let's say 6, in view of the camera, every person that is not next to the HSRP device (5) will be given an inaccurate reading. That is why it is so important to run the system correctly, with just one person at a time. You will also need to follow the 6 feet rule.
If you take that into consideration, one at a time at 6 feet apart, the device should tell you how you need to run the system.

Sensitivity of thermal imaging

Is your system’s sensor accurate enough? The FDA recommends an error of ±0.5°C or better. When looking for a system, make sure it is better than what they recommend. I would recommend ±0.3°C or better. Do not purchase a system over ±0.5°C, as you are doing yourself and your customers or employees an injustice.

Another thing to look at is how many pixels it can determine the temperature from. Some cameras can only tell the temperature of 6 points on the screen, whilst others can take a temperature reading from each pixel. Take a 384x288 camera, for example, which would be over 110,000 points of temperature taking on a single image.

Thermal cameras are very sensitive, so there are a lot of do’s and don’ts. For example, the system cannot see through glasses or hats. On the below image you can see a person with the visual camera on the right, whilst on the left side is through a thermal camera. Both are pointing at the same area. It is clear the person on the left side is “invisible” to the thermal imaging camera.

Demonstrating the sensitivity of thermal imaging

If you are a company who wants to detect the temperature of customers or employees through the front door, window or a car window, the answer would be no. You need a clear line of sight without any interference to scan for temperatures. Other things you need to look out for are wind and distance away from the HSRP (blackbody) device. Air and distance away from the HSRP device will make the system less and less accurate the more space there is between you and the device.

Thermal imaging and COVID-19

If you have a clear line of sight, is there anything else you need to know? The answer is yes. Reflective materials such as metal can interfere with your temperature readings.
Reflective materials are easily picked up from the thermal side, so pointing at metal, glass or anything reflective can cause inaccuracies within the system.

In the age of COVID-19, temperature detection systems are more important than ever. Organisations must get a system in place to help scan for high temperatures in order to reduce the spread of the virus.