With the advent of the Internet of Things, increased functionality and convenience can lead to decreased privacy and security. Wikileaks, for example, released documents on March 7, 2017, that indicated the CIA can hack civilians’ smart devices as part of a sophisticated spying scheme. At Eyewitness Surveillance, we recently received reports of possible security camera vulnerabilities within our system. However, our proactive approach to security means that our security networks were—and remain—safe from hacks. Read on to discover the four ways we protect our clients from hackers—and how you can guard against security camera hackers using the same methods.
Recent Security Concerns with Security Camera Firmware
In March 2017, a devastatingly simple security loophole was discovered within the firmware of the most popular security camera models, including Dahua and Hikvision. Unscrupulous hackers could access the user authentication screen and “pass the hash” to force the camera’s system to admit the hacker. The system would then grant the hacker access to all the security cameras on the user’s system.
Now, hackers accessing security camera networks generally aren’t trying to spy on the businesses and offices where the cameras are installed. Instead, hackers will flood the cameras’ basic Linux computers with computer viruses. These viruses—or “bots”—will then attack the websites or Internet-based systems which are the hackers’ real targets.
Enough compromised cameras result in Distributed Denial of Service (DDoS) attacks, shutting down websites and services. When authorities attempt to trace the origin of the attack, they only find the compromised security camera hosts, and not the hacker him- or herself.
Before we go any further, we’d like to reassure readers and clients alike that no Eyewitness Surveillance camera systems were impacted by this latest vulnerability. All client systems remained operational and unhacked. The firmware vulnerability that allowed the hacker access loophole has since been repaired on all Eyewitness Surveillance cameras.
4 Steps to Block Security Camera Hackers
This isn’t the first vulnerability that’s been discovered in professional hardware and software systems, and it won’t be the last. We’ve designed our video camera hard- and software to repel hackers’ basic and advanced methods for gaining access to vulnerable systems through four primary tactics that anyone can use to defend against security camera hackers.
1. We constantly update firmware and software.
You know that annoying notification that beeps whenever the latest software update is ready for installation? It might be annoying, but those updates play a vital role in maintaining soft- and hardware security.
Updates do basic things like fix wonky programs and adjust the appearance of your favorite apps. However, those same updates also contain preemptive repairs to vulnerable code and processes within your device. These patches prevent hackers from taking advantage of unintended “backdoors” into your device.
Eyewitness Surveillance continuously updates every camera with the latest security patches and software fixes the instant it becomes available, countering criminal activity before it even happens.
2. We never use default settings.
Even the most advanced security hardware and software doesn’t start out as completely secure immediately after installation. There are industry “default” settings that most cameras and software come with to facilitate fast installation and implementation.
Those default settings are known by the hackers, though. Basic passwords and “admin” usernames, leaving the default port number as 80 rather than the thousands available—these all must change, otherwise hackers won’t need to exploit a code vulnerability to access a security system.
No matter how sophisticated a system is designed to be, it’s also designed to be responsive to authorized users. By leveraging default settings still in place in the field, hackers can masquerade as authorized users and do whatever they want with the system.
Eyewitness Surveillance never uses the default settings, and maintains the strictest standards of password authentication. Our recently released mobile applications require users to create passwords a minimum of 12 characters long, case-sensitive, and require both numbers and special characters.
That’s just for our mobile application—our protocols for client security systems is even stricter!
3. The live video surveillance system is constantly monitored in-house by security experts and software professionals.
The problem with “set it and forget it” security systems is that, should the worst happen and criminal activity occur, no one will know what happens until after it’s too late to stop. Hacked CCTV security cameras may not be identified as compromised for hours—even days—after hackers gain access, since these cameras aren’t actively monitored.
So, the same reason why our clients opt for our live video surveillance security system, is why our security cameras are more secure than other companies’ systems.
We’re constantly updating and using the installed cameras every day and night to protect our clients’ property. As we maintain the software and hardware required to best secure our sites, we keep an eye on our (several) firewalls for signs of attempted access and other indications of unauthorized activity—and stop it before it penetrates the system.
Not only that, but as we monitor sites from our central station, we can tell if someone has started devoting computing power to something other than scanning the designated search area. If the camera is unable to provide enough processing power to maintain analytics or stream live footage, then we are able to immediately take action to fix the issue and secure the system before it causes widespread damage.
4. Our security cameras exist within an isolated system.
We saved the most important security feature for last: Eyewitness Surveillance security camera systems are basically network “islands.” Even if the worst were to happen and our cameras were somehow hacked, a client’s reputation and digital assets are never at risk to hackers’ ambitions.
Our security cameras may require access to our clients’ Internet capabilities, but the cameras are never connected to the business network itself. Therefore, it is impossible for a hacker to jump from a hacked Eyewitness camera to a client’s business computers or digital collateral.
Your website will never inadvertently host inappropriate ads; your business bank accounts will not be drained; and your own customer information will not be exposed to hackers of Eyewitness security cameras.
Again, Eyewitness Surveillance cameras have never been compromised by hackers, either using the (repaired) user access vulnerability or via other codes. Our clients’ digital property remains as secure as their physical inventory and assets. We don’t rest on our laurels, however, as we constantly test, update, and repair potential problems before they could ever impact our security systems and customers.
So our clients can relax, knowing that their security system protects against—rather than exposing them to—criminal activity and security camera hackers.