The Internet of Things (IoT) is expanding dramatically, underpinning and connecting modern surveillance cameras and devices together for enhanced security in organizations. Connecting these various systems together promises greater efficiency, productivity, and reassurance for organizations as they continue to scale operationally, but the disruption and worry that can be caused should such a device be compromised or exploited can be insurmountable.
As IoT security cameras become increasingly dispersed across an organization’s estate and infrastructure, it’s essential to understand the vulnerabilities that exist within their setups and explore why and how they are exploited. This article will explore the warning signs to look out for when reviewing your surveillance cameras and how to prevent them from escalating into serious threats to your organization.
The IoT Threat Landscape at a Glance
Recent industry reports from IDC suggest that global spending on IoT is expected to exceed $1 trillion next year. The factors which have been attributed towards this exponential growth are “data hungry AI applications” and “digital transformation strategies that require solutions at the edge to digitize the physical environment.”
Another PatentPC report reveals alarming stats in IoT: 57% of devices are highly vulnerable, 98% of traffic is unencrypted, 70% have serious security flaws, and 60% of companies using them have experienced cyber incidents.
While IoT devices encompass more technologies and hardware than cameras, these are particularly valuable assets for malicious actors due to their multiple exploitation vectors and entry points. Inadequate security controls and easy integrations with other devices on an organization’s network make attacks easy to proliferate and escalate once one IoT device is compromised. Given the prevalence of physical surveillance cameras on any given business estate, even small vulnerabilities can be exploited, thus elevating the risk profile of any organization and, by extension, their digital assets.
Recognizing Signs of a Hacked IoT Camera
Detecting a compromised security camera involves the awareness and recognition of several telltale signs.
- Unusual network activity – surges in outbound data traffic from camera systems may signal that footage is being exfiltrated to unauthorized or unknown recipients. Real-time network monitoring tools can alert security teams to anomalous traffic patterns, as well as false positives, which can aid their decision-making on malicious threat prevention and containment strategies, if needed. A further step would be to segment networks that isolate camera systems, which could make traffic pattern identification and lateral movement tracking easier.
- Unexpected camera movements – cameras can pan, tilt or zoom of their own accord when monitoring movements. However, if they move in strange positions, record instinctively, or emit strange audio via two-way communication systems, these should be investigated. It can often point to unauthorized access and an unidentified user who has gained control of the device.
- Substandard performance – cameras that suddenly operate with increased latency, reduced video quality, lower frame rates, or more interrupted feeds may indicate that their computational resources are being diverted. Furthermore, any changes to pre-set camera configurations (e.g. notification settings, disabled functions, firmware upgrades) that have not been cleared by security teams may indicate that they’ve been accessed and compromised without permission.
- Access log discrepancies – auditing access logs and assessing authentication patterns could unveil failed login attempts from unfamiliar locations or outside of working hours. These often signal brute force or credential stuffing attacks, which are difficult to outmaneuver without sufficient security controls.
How Cameras Become Compromised
Understanding how malicious attackers target vulnerable surveillance systems is vital for strengthening overall cyber resilience. It warrants an objective, thorough assessment of various elements within a security camera network:
- Default credentials – Many isolated security cameras are sent and received with default usernames and passwords. Deploying these devices without reviewing and altering these credentials gives attackers an easier route in.
- Outdated firmware – Attackers can exploit vulnerabilities in camera firmware if it’s not regularly audited, patched and updated. Manufacturers often release regular patches for critical vulnerabilities, and they must be regularly maintained, applied, and tested.
- Network exploitation – Poorly secured, non-segmented and open wireless networks provide easier pathways for attackers to compromise devices also connected to those networks, including cameras.
- Man-in-the-Middle (MitM) attacks – Attackers can often intercept unencrypted traffic between cameras and servers, where live feeds can be viewed and false footage or imagery can be injected to deceive users.
How to Prevent Security Camera Compromise
Protecting in-house surveillance systems warrants a thorough, methodical, and top-level defense strategy.
- Isolate networks – Deploy dedicated VLANs and VPNs for isolated security systems and devices. Not only can camera traffic be segregated, but only validated devices can gain access to such networks, with administrators overseeing anomalies and revoking access as necessary.
- Zero trust model – Adopt a security architecture of zero trust, where no device or user is implicitly or inherently trusted without proper identification and authentication, even if it only accounts for part of your infrastructure. Reinforce this with stringent multi-factor authentication (MFA) and single sign-on (SSO) processes to validate all users upon entry.
- Assessments, audits and patching – Develop regular and comprehensive patch management, network scanning, vulnerability management and penetration testing of all incumbent architectures, which can help teams identify lesser-known vulnerabilities before they’re exploited.
- Review products extensively – As surveillance technologies include sophisticated AI and cloud capabilities, it’s imperative to review and validate the posture of these systems before they’re deployed. Even as circularity becomes more embraced, with device reuse and repurposing encouraged, ensure all reused security cameras and devices are reviewed to ensure no data is left to be exploited.
Addressing IoT Security Issues With Confidence
It’s always wise to adopt the mantra of ‘when, not if’ when it comes to security incidents. Despite an organization’s best efforts, breaches can still occur.
Establish a thorough incident response plan to specifically address compromised surveillance systems. This involves immediately isolating and disconnecting compromised cameras from the network, capturing system information at rest, reinstalling firmware and re-establishing camera configurations post-investigation and updating security controls based on your findings will all prove vital in preserving system integrity.
Implementing comprehensive security controls will give organizations the best possible chance to preserve system integrity and cultivate a strong security hygiene across their estates. The convergence of physical and digital security demands an integrated and data-led approach where security posture is enhanced rather than undermined.
Chester Avey is a Freelance Writer based in the UK with more than 20 years’ experience in IT. He has extensive knowledge of today's evolving tech industry and enjoys writing authoritative articles and opinion pieces on a wide range of topics, including: digital marketing trends, AI, cybersecurity, software solutions, and e-commerce.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.