Since the cybersecurity of video surveillance cameras is becoming an increasingly common problem, it is important for customers to be able to realize when their device has come under attack. This is not always easy as different surveillance products may have different vulnerabilities, but with some extra care, you may be able to manage early detection.
“In many cases, it is very difficult,” said Aamir Lakhani, Senior Security Strategist at Fortinet. “Because of the number of cameras and how many vulnerabilities exist a customer may not have a good way of telling. In many cases, the system will be running or responding slowly. In corporate environments, systems such as intrusion prevention devices and anomaly-based traffic analysis can give a great clue and early detection if a camera system is being attacked or has been compromised by attackers.”
Alon Levin, VP of Product Management at VDOO Connected Trust, expanded on this. As IoT malware is normally crafted to go undetected, there is no easy way to know for sure. Any suspicious change to the device may indicate the existence of a botnet malware on your device. Referring to a recent report on vulnerabilities published by his company, he suggested the following points.
A few ways to check:
- The password is no longer working – this is a strong indication for a device that has been taken over.
- Your device settings were modified – for example, videos are now sent to a different server.
- Spike in network traffic – if possible, examine your router network statistics. A botnet could increase the amount of network traffic originated from the camera. Any spikes should alert you since unless you are streaming video from the camera, this number should be relatively low.
Best practices for cyber protection
While it helps to know if your camera is attacked, the ideal scenario for any customer would be to be never be hacked at all. While this is tricky, given how often we come across vulnerabilities these days, there are certain practices you can take up to ensure your surveillance equipment is not too easy a target.
“Many people just forget the basics which include disabling default usernames and passwords,” Lakhani said. “Use usernames and passwords that are complex. Enable 2-factor authentication if available, and limit management from specific networks or management workstations. Another extremely important step is to always check for, and ensure, you are running the latest operating systems and firmware on the camera. Many attacks are discovered every day and manufacturers often need to release new camera firmware to fix the vulnerabilities. Lastly, segmentation is very important. Run cameras, as well as other IoT devices, if possible on their own isolated networks, not alongside your other devices and computers. In that case, if there is a compromise, attackers may be limited in what they can see, and the attack may be limited.”
According to Levin, the fight against cyberattacks should begin at the manufacturers level. He suggested that the best way to protect surveillance cameras is to employ defense in depth techniques.
“Protection needs to start from security by design, embedding security when designing, architecting and developing the product,” Levin said. “Manufacturers need to employ essential techniques that will make it hard for attackers to utilize design flows to gain access to connected devices. On top of that, we believe that cameras, similar to other higher-end connected devices, like routers, can use third-party security components, dedicated security agent, integration with security services in order to complement their secured design in order to be protected on an on-going basis from all types of attacks.”