Once a digital video camera is connected to the Internet, it immediately gets an IP address and may start sending information about itself. Using this IP-address, any such device can be searched and found with the help of a “native” application or, for example, an IoT search engine like Shodan. Such a simple way of finding connected video cameras makes it easy for intruders to attack a video surveillance system when they want to put their hands on confidential information or modify important data.
Tip 1. To avoid easy detection of connected cameras by IoT search engines, many manufacturers allow users to access the web interface of the camera and turn off / hide the data about the manufacturer. After that, although the search engine can still find the camera, its make and model will not be identified, which in turn will make it much harder for the hacker to compromise the device.
Even if the IoT search engine can spot a camera on the network, this does not mean that it is possible to attack it successfully. The reason most smart cameras are vulnerable is often hidden in the human factor – excessive carelessness of users.
The fact is that when setting up a camera, people often leave the possibility of logging in using the default account name and password, for example – admin\admin. Moreover, since these parameters are the same for thousands and thousands of cameras and are well known to intruders, hacking is not difficult.
For example, to get full access to the video stream of an IP camera with default settings, it’s enough just to find this camera with the help if the IoT search engine, go to the administration panel via a web browser and type in the default login and password.
Tip 2. Be sure to change the default passwords. Never use simple passwords like admin123, 1234567, etc. Often, you will find that changing the user’s password is very easy. Important: unlike the password, the administrator’s default login name can’t be changed in most cases. If possible, use ONVIF authorization.
Tip 3. Limit the ability to access smart cameras from other IP addresses. To do this, use IP address filtering: create black and\or white IP lists.
In addition to the IP address, hackers use open media ports to attack video equipment. There are special software programs for scanning open ports. As a rule, all ports of the cameras are just open by default! One of the ways for an attacker to compromise the camera is through an open port using a special password cracking software that utilizes brute-force attacks.
Tip 4. To improve security, you can change the standard media ports to the new ones, and\or you can completely close unused ports.
It often happens that the vulnerability is found only in some versions of the firmware. In such cases users can do nothing – no matter how they configure their device security, a critical vulnerability opens the possibility for an attacker to access the camera. To eliminate such problems, manufacturers release a new version of the firmware.
Tip 5. Always update the firmware of the device to the latest version.
Another well-known method of hacking cameras utilizes the Telnet protocol. Telnet is not using encryption. It is an unprotected text protocol that enables accessing the software and the camera file system. This protocol was designed for the manufacturer and the service providers to be able to access the camera, but in practice, nothing prevents attackers from using Telnet. The vulnerability is so critical that by using Telnet an attacker can even change the firmware of the camera by redirecting video streams or turn the device into an “evil one” and use it for targeted network attacks on other devices. Moreover, through the same “hole” you can get to other devices in the local network – computers, routers and try to hack them too.
Tip 6. Do not enable Telnet protocol for IP cameras (by default it is often disabled).
An HTTP protocol is often used to access the camera by default, which does not add advantages from a security perspective. The fact is that when using HTTP, all data is transmitted in an unprotected form. Moreover, if desired, this data can be intercepted in any intermediate node of the information transfer route. The HTTPS protocol comes to the rescue: it provides secure and confidential data exchange using encryption. An additional element of a secure connection based on the HTTPS protocol is a digital certificate.
Tip 7. To improve security, use the HTTPS protocol and the digital SSL certificate.
If the camera transmits an unprotected RTSP video stream, then it can be intercepted and viewed even with the help of a popular media player. To prevent outsiders from watching videos from your cameras, the RTSP video stream should be protected from unauthorized access using a username and password.
Tip 8. Be sure to protect the RTSP video stream of the camera.
The network protocol ARP seems to be important and at the same time harmless – it was designed for identifying the addresses of the data link layer (MAC) using known IP addresses. However, this protocol is vulnerable to specific attacks: cybercriminals can replace the MAC address of the camera (or computer) with another MAC address, and thus redirect traffic from the camera.
Tip 9. Do not use the ARP protocol when there are no special needs for this. It’s better to disable it as this will not allow intruders to identify the real MAC address of the hardware easily.
Users often connect their video equipment to the global networks (WAN, the network of the ISP) directly or through the switch. This is not the best option regarding security.
Tip 10. Connect IP cameras to the ISP and other networks using the routers.This will provide much better protection of video equipment and prevent them against the network attacks. Firstly, most modern routers have much more advanced security settings than IP cameras. Secondly, the camera will be hidden behind NAT from direct access from outside the local network. Also, if the corporate network uses the IEEE 802.1x authentication standard, this can be an additional layer of protection since the risk of unauthorized access to the device is greatly reduced.