Is your establishment’s surveillance system as secure as you think? Gone are the days when these security measures were a set-and-forget solution. Hackers have learned to take advantage of and breach CCTV camera flaws.
Keep reading to learn more.
How They Do It
The cybersecurity research company GreyNoise discovered these attacks through an advanced AI analysis tool. It found that cybercriminals have targeted network device interface-enabled (NDI) pan-tilt-zoom (PTZ) cameras from various manufacturers.
Their main vector of attack is zero-day vulnerabilities or newly discovered software flaws that have yet to receive a patch. Once accessed, they could manipulate camera settings, watch live feeds, and start botnet integration.
Are Your Cameras Compromised?
Expensive doesn’t necessarily mean secure. GreyNoise warns that the affected devices belong to the high-cost category, some worth thousands of dollars.
The list includes PTZOptics, SMTAV Corporation, and Multicam Systems SAS units based on Hisilicon Hi3516A V600 SoC V60, V61, and V63. Get firmware updates immediately if you have these setups with anything lower than the 6.3.40 version.
Message your provider to confirm the status of your specific cameras for your peace of mind.
Signs You Have Hacked Cameras
Aside from updating your system and reading communication from your provider, it never hurts to check for unusual activity:
- The camera emits strange sounds or unfamiliar voices
- Unexpected movements or angles during a recording
- LED light blinks or flashes despite nobody accessing the camera
- Changed settings without your input
- An unexplained spike in data usage or network traffic
Minimizing Cyberattacks
Why wait for your establishment’s security to become compromised? Stay proactive through:
- Stronger passwords: Some use their model’s default username and password and forget to change them later. Hackers ping every internet-capable device to find easy targets, so pick a random combination of upper-case and lower-case letters, numbers, and special characters.
- Limited access: Attackers can access individual authorized devices instead of the entire network. Try to minimize the number of devices that can manipulate the security system.
- Virtual private networks (VPNs): Do your operations require remote camera access? Get a VPN to hide the connection and make your traffic more private.
- Cloud access: If you can’t set up a VPN, cloud-based usage is the next best option. A heavily monitored third-party server hosts device control and recorded footage.
- Built-in advanced data encryption: Look for cameras with technologies like SSL/TLS and WPA2-AES that make it harder for hackers to access footage and other data. It’s like adding another lock to your digital door.
- Two-factor authentication (2FA): Many cameras already have 2FA, which requires an extra step when logging in; you just have to enable it. Even when someone cracks your password or exploits CCTV camera flaws, they still need your approval to get in.
