Eyewitness Surveillance Blog: Block Security Camera Hackers in 4 Steps

Block Security Camera Hackers in 4 Steps

By | Cameras | No Comments

With the advent of the Internet of Things, increased functionality and convenience can lead to decreased privacy and security. Wikileaks, for example, released documents on March 7, 2017, that indicated the CIA can hack civilians’ smart devices as part of a sophisticated spying scheme. At Eyewitness Surveillance, we recently received reports of possible security camera vulnerabilities within our system. However, our proactive approach to security means that our security networks were—and remain—safe from hacks. Read on to discover the four ways we protect our clients from hackers—and how you can guard against security camera hackers using the same methods.

Recent Security Concerns with Security Camera Firmware

In March 2017, a devastatingly simple security loophole was discovered within the firmware of the most popular security camera models, including Dahua and Hikvision. Unscrupulous hackers could access the user authentication screen and “pass the hash” to force the camera’s system to admit the hacker. The system would then grant the hacker access to all the security cameras on the user’s system.

Now, hackers accessing security camera networks generally aren’t trying to spy on the businesses and offices where the cameras are installed. Instead, hackers will flood the cameras’ basic Linux computers with computer viruses. These viruses—or “bots”—will then attack the websites or Internet-based systems which are the hackers’ real targets.

Enough compromised cameras result in Distributed Denial of Service (DDoS) attacks, shutting down websites and services. When authorities attempt to trace the origin of the attack, they only find the compromised security camera hosts, and not the hacker him- or herself.

Before we go any further, we’d like to reassure readers and clients alike that no Eyewitness Surveillance camera systems were impacted by this latest vulnerability. All client systems remained operational and unhacked. The firmware vulnerability that allowed the hacker access loophole has since been repaired on all Eyewitness Surveillance cameras.

4 Steps to Block Security Camera Hackers 

This isn’t the first vulnerability that’s been discovered in professional hardware and software systems, and it won’t be the last. We’ve designed our video camera hard- and software to repel hackers’ basic and advanced methods for gaining access to vulnerable systems through four primary tactics that anyone can use to defend against security camera hackers.

1. We constantly update firmware and software.

You know that annoying notification that beeps whenever the latest software update is ready for installation? It might be annoying, but those updates play a vital role in maintaining soft- and hardware security.

Updates do basic things like fix wonky programs and adjust the appearance of your favorite apps. However, those same updates also contain preemptive repairs to vulnerable code and processes within your device. These patches prevent hackers from taking advantage of unintended “backdoors” into your device.

Eyewitness Surveillance continuously updates every camera with the latest security patches and software fixes the instant it becomes available, countering criminal activity before it even happens.

2. We never use default settings.

Even the most advanced security hardware and software doesn’t start out as completely secure immediately after installation. There are industry “default” settings that most cameras and software come with to facilitate fast installation and implementation.

Those default settings are known by the hackers, though. Basic passwords and “admin” usernames, leaving the default port number as 80 rather than the thousands available—these all must change, otherwise hackers won’t need to exploit a code vulnerability to access a security system.

No matter how sophisticated a system is designed to be, it’s also designed to be responsive to authorized users. By leveraging default settings still in place in the field, hackers can masquerade as authorized users and do whatever they want with the system.

Eyewitness Surveillance never uses the default settings, and maintains the strictest standards of password authentication. Our recently released mobile applications require users to create passwords a minimum of 12 characters long, case-sensitive, and require both numbers and special characters.

That’s just for our mobile application—our protocols for client security systems is even stricter!

3. The live video surveillance system is constantly monitored in-house by security experts and software professionals.

The problem with “set it and forget it” security systems is that, should the worst happen and criminal activity occur, no one will know what happens until after it’s too late to stop. Hacked CCTV security cameras may not be identified as compromised for hours—even days—after hackers gain access, since these cameras aren’t actively monitored.

So, the same reason why our clients opt for our live video surveillance security system, is why our security cameras are more secure than other companies’ systems.

We’re constantly updating and using the installed cameras every day and night to protect our clients’ property. As we maintain the software and hardware required to best secure our sites, we keep an eye on our (several) firewalls for signs of attempted access and other indications of unauthorized activity—and stop it before it penetrates the system.

Not only that, but as we monitor sites from our central station, we can tell if someone has started devoting computing power to something other than scanning the designated search area. If the camera is unable to provide enough processing power to maintain analytics or stream live footage, then we are able to immediately take action to fix the issue and secure the system before it causes widespread damage.

4. Our security cameras exist within an isolated system.

We saved the most important security feature for last: Eyewitness Surveillance security camera systems are basically network “islands.” Even if the worst were to happen and our cameras were somehow hacked, a client’s reputation and digital assets are never at risk to hackers’ ambitions.

Our security cameras may require access to our clients’ Internet capabilities, but the cameras are never connected to the business network itself. Therefore, it is impossible for a hacker to jump from a hacked Eyewitness camera to a client’s business computers or digital collateral.

Your website will never inadvertently host inappropriate ads; your business bank accounts will not be drained; and your own customer information will not be exposed to hackers of Eyewitness security cameras.

Again, Eyewitness Surveillance cameras have never been compromised by hackers, either using the (repaired) user access vulnerability or via other codes. Our clients’ digital property remains as secure as their physical inventory and assets. We don’t rest on our laurels, however, as we constantly test, update, and repair potential problems before they could ever impact our security systems and customers.

So our clients can relax, knowing that their security system protects against—rather than exposing them to—criminal activity and security camera hackers.

New Call-to-action

Eyewitness Surveillance's National Crime Alert for April 24, 2017

The Eyewitness National Crime Alert for April 24, 2017

By | Surveillance, Theft | No Comments

These incidents were reported across the country from 4.17.17 to 4.23.17

Fort Hill, SC – Reported 4.17.17

12 Tires in 12 Hours

A Fort Hill dealership had 12 tires stolen from 4 Ford F150s sometime between 9 PM Saturday (4.15.17) and 9 AM Sunday (4.16.17). No video surveillance captured the thieves in the act, and police were unable to lift fingerprints from the vehicles found floating on cinder blocks. (Original article)

Stuart, FL – 4.17.17

Tire Thief Trio Trapped with Truck Topped with Tires

Local deputies pulled over a box truck full to the brim with stolen tires from local area dealerships, arresting the three accomplices who claim they were transporting the stolen goods as a favor to a fourth unspecified party. Video footage previously caught the trio actively stealing tires from a dealership, which allowed authorities to positively identify the thieves. (Original article)

Read More

The Eyewitness Surveillance National Crime Alert for April 17, 2017

The Eyewitness National Crime Alert for April 17, 2017

By | Cameras, Surveillance, Theft | No Comments

These incidents were reported across the country from 4.11.17 to 4.16.17

Moorhead, MN – 4.11.17

Ex-Employee Pleads Guilty to $450,000 Embezzlement Scheme

The former accountant for a local dealership plead guilty to one charge of theft (originally 10 theft counts), corroborating the guilty plea of his accomplice and the dealership’s former general manager in February 2017. A dealership co-owner originally reported suspicions of embezzlement to the police in May 2014. All told, the two embezzlers took somewhere around $450,000 from the dealership, some of which was covered by an insurance settlement. (Original article)

Chicago, IL – 4.12.17

Thieves Bash Barricade to Steal Cars from O’Hare Car Lot

Early Wednesday morning, a gang of thieves stole “between eight and 10” cars from an O’Hare rental car lot. One thief rammed a stolen vehicle into the defensive parking barricade employees had established, clearing the way for other thieves to escape with their stolen cavalcade. No word on the location of the stolen cars or any impending arrests. (Original article)

Read More

Eyewitness Surveillance's National Crime Alert for April 11, 2017

The Eyewitness National Crime Alert for April 11, 2017

By | Surveillance, Theft | No Comments

These incidents were reported across the country from 4.3.17 to 4.10.17

Cleveland Heights, OH – 4.3.17

Study Reveals 885 Auto Thefts Over Two Years

“Stolen in the Suburbs,” a series on Cleveland auto thefts by Cleveland.com, reports that approximately 25% of all stolen vehicles in Cleveland over a two-year span were stolen from Cleveland Heights out of eight suburbs studied. Of these, most thefts occurred during the night and were only discovered missing the following morning. Half of the recovered stolen vehicles were found in Cleveland proper, though several found their way across state borders—including one in Mesa County, Arizona. The most popular vehicles stolen during the studied timeframe were Dodges (24 of various models) and Jeeps (predominantly Cherokee and Liberties). (Original article)

Read More

Eyewitness Surveillance's National Crime Alert for April 3, 2017

The Eyewitness National Crime Alert for April 3, 2017

By | Cameras, Surveillance, Theft | No Comments

These incidents were reported across the country from 3.27.17 to 4.2.17

Oswego, NY – Reported 3.27.17

Felon Crashes Pontiac G6 Within Minutes of Break-In

Police arrested a felon—previously on parole for third-degree burglary—for the theft of a 2008 Pontiac G6 from a Syracuse car dealership on March 16. The man broke through one of the dealership’s doors between 10 and 11 PM to steal the G6’s keys, then promptly crashed the vehicle within minutes of the theft. (Original article)

Galax, VA – Reported 3.27.17

Truck Stolen From Dealership Within a 25-Hour Timeframe

A local dealership seeks a stolen 2016 Dodge Ram pickup truck, taken from their dealership sometime between 9 PM Saturday (3.25.17) and 10 PM Sunday (3.26.17). The dealership has made no surveillance footage of the vehicle available, nor can offer an exact time of theft within the possible 25-hour period. Anyone with information should contact Galax police at 276-236-8101. (Original article)

Read More

Survey and Infographic of National Security Habits by Eyewitness Surveillance

Where Americans Don’t Lock Their Doors [Survey]

By | Surveillance, Theft | One Comment
Americans work hard to have and maintain safe and happy lives. So when a burglary happens, it feels like a violation of our security and sense of peace. In the United States, a burglary occurs every 13 seconds, which means over 2.5 million home intrusions are reported every year. We surveyed 1,000 Americans to see what people think about security in their living environments. Check out the results in the infographic below.

Where Americans Don't Lock Their Doors Survey Infographic by Eyewitness Surveillance Read More

Eyewitness Surveillance's National Crime Alert for March 27, 2017

The Eyewitness National Crime Alert for March 27, 2017

By | Cameras, Theft | No Comments

These incidents were reported across the country from 3.20.17 to 3.26.17

Laredo, TX – 3.20.17

Cars Stolen From Texas Dealerships Used for Human Trafficking, Assassinations

On Monday (3.20.17), police announced 16 arrests connected with an auto-theft ring transporting stolen cars from Laredo, Austin, San Antonio, and Houston dealerships to criminals in Mexico. Back in January, police officers pulled over a car that had been previously reported as stolen. They detained the passenger and driver, resulting in the dissolution of the auto-theft ring. At least 18 vehicles—mostly pickup trucks—were stolen and transported to Mexico for drug gangs to use in human trafficking and assassinations. Police are still looking for 7 suspects in relation to the case. (Original article)

St. Paul, MN – Reported 3.22.17

Student Automotive Technology Program Loses $30k in Tools to Theft

A scoundrel stole $30,000 worth of tools, $2,000 in cash, and a 20-year-old Toyota Camry in for repairs at a student-run automotive service station. A high school automotive instructor visited the building on Sunday (3.12.17) to discover a vehicle bay door open. There was no sign of forced entry, and the police currently have no suspects. The tools were the greatest loss to the student automotive program, as crucial components to the automotive technician student classes. If you’d like to help the school district replace the missing tools, please visit their GoFundMe fundraiser page.  (Original article)

Read More

Eyewitness Surveillance's National Crime Alert for March 20, 2017

The Eyewitness National Crime Alert for March 20, 2017

By | Theft | No Comments

These incidents were reported across the country from 3.13.17 to 3.19.17

Opelika, AL – Reported 3.13.17

Car Disappears Without a Trace From Dealership Lot

Police are stumped in solving a car theft that occurred last Saturday (3.11.17). The only information available is that a vehicle of undisclosed make and model was stolen from a local area dealership sometime on Saturday, with no suspects identified and no arrests made. (Original article)

Tulsa, OK – Reported 3.14.17

CCTV Footage of Crowbar Vandal in Tulsa, OklahomaUninsured Cars Vandalized by Would-Be Burglar

A family-owned Tulsa dealership suffered a crowbar-delivered financial blow on Sunday night (3.12.17) when a would-be burglar destroyed their inventory. CCTV footage shows a man attempting to break into the dealership building. When he could not enter, he smashed the back windshields of 28 out of 30 cars on the dealership’s lot with a crowbar. Because the vehicles were uninsured, the owners must repair the vehicles using their own funds. Anyone with knowledge of the vandal’s identity should reach out to the dealership’s owners for a potential $1,000 reward. (Original article & photo credit)

Read More

Advanced Key Management Security for Keyless Entry Vehicles

Advanced Key Management Security for Keyless Entry Vehicles

By | Operational Efficiencies, Theft | One Comment
Cars these days are essentially two-ton computers on wheels, most obviously through advances in key technology. Remember the days you had to put a metal key to turn the ignition? Now, you just press a power button on the dashboard. However, smart keys and keyless entry systems leave a gaping security risk on your car lot, which criminals easily exploit. You can plug this security hole, though, through consistent key management protocols and something called a Faraday cage.

Read More

Eyewitness Surveillance's National Crime Alert for March 13, 2017

The Eyewitness National Crime Alert for March 13, 2017

By | Surveillance, Theft | 2 Comments

These incidents were reported across the country from 3.6.17 to 3.12.17

Austin, TX – 3.6.17Stolen Audi Crashed Into Emergency Room Wall in Austin, Texas

Stolen Audi From Austin Collision Shop Crashes Into Hospital Wall

Austin police arrested a Houston resident for stealing a 2014 Audi RS7—worth $123,740—from a local collision center while waiting for a rental car. Shop employees helped the man load his belongings into the Audi and gave him the car’s keys before realizing that he didn’t own it. The man got away for his joy ride in the stolen Audi, apparently clipping another vehicle while trying to pass on the sidewalk. The car then crashed into a wall near a Houston emergency room. Police and the emergency room’s security guards then chased the man down to arrest him. (Original article & photo credit)

Read More