Feeds

'Video-hams' tap into insecure surveillance cams

i-Spy

3 Big data security analytics techniques

Surveillance cameras outfitted with internet technology are open to tampering and interception, security experts warn.

IP cameras, widely available from around £70 and not to be confused with web-cams that connect directly into PCs, connect into corporate computer network or domestic broadband systems and are capable of transmitting live footage or individual images across the internet. However these systems are often set up without bothering to configure security settings (such as password protection), an omission that means nominally private cams can be viewed over the net by so-called "video hams".

By using search engines such as Google, snoopers can locate and view hundreds of unprotected cameras, according to Robert Schifreen, IT security consultant and author of the book Defeating The Hacker. Insecure cameras can be easily located using search strings such as "inurl:CgiStart?page=Single" or "axis inurl:view/index.shtml", to produce interesting results (as illustrated by Schifreen here).

The problem is compounded by the inclusion in many systems of so-called "PTZ" features, which allow surveillance cameras to be panned, tilted and zoomed remotely so that the operator can focus on a person or activity of particular interest. Wi-Fi versions of video surveillance cams have made it possible to install systems in a wider number of locations, further exacerbating the issue.

"Allowing your company's surveillance system to be visible over the internet is just asking for trouble", said Schifreen. "There are serious privacy issues in allowing the general public to watch your staff going about their work behind closed office doors. Allowing your competitors to see how your company operates is madness. And unfettered access to PTZ facilities makes it simple for a thief or shoplifter to divert a camera away from where he intends to strike."

"We're not talking about hobby webcams here, which were always intended to be viewable by the general public", Schifreen added. "The systems being targeted by video hams are private surveillance cameras. All of which come with security facilities such as password protection built in, if only the purchasers were aware of them."

Users deploying IP camera for surveillance ought to enable the camera's in-built password protection, rather than allowing images to be openly accessible to anyone who knows how to use a search engine. In corporate environments, video surveillance traffic needs to be kept to the confines of internal networks, using appropriate firewall rules. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.