IoT CCTV Cameras
IoT CCTV cameras are witnessing a global surge in installations, aimed at enhancing security across personal, business, and government domains. Predictions indicated that by 2021, approximately 1 billion CCTV cameras were expected to be operational, reinforcing the vigilance landscape.
CCTV IoT Devices
In today’s ever evolving world, many home and office security cameras are actually IoT Hardware devices. This means they are connected to the internet. As with all IoT devices, there are numerous benefits to internet-connected CCTV cameras. Primarily, real-time footage can be displayed and viewed on users’ phones from anywhere in the world via an app, making monitoring much easier. Some cameras support two-way communication, essentially acting like a baby monitor. For cameras used at front doors, users can see who is ringing the bell and open it remotely. This illustrates the convenience IoT devices bring, though sometimes at the cost of user vigilance.
However, like all IoT devices, these cameras also present numerous security vulnerabilities and risks. Connected devices expand the attack surface, making cyberattacks easier to execute. IoT devices have an IP address, which can be discovered by bad actors. Many also have simple default passwords that users often fail to change, making them highly susceptible to hacking. Furthermore, IoT cameras collect vast amounts of data, making them appealing targets for attackers.
IoT security vulnerabilities are a longstanding issue that requires urgent attention. Many IoT devices lack sufficient security measures and often remain unprotected due to their seemingly harmless nature. Traditional endpoint and network protection software is often ineffective against IoT threats, as it cannot accurately identify, monitor, or secure these devices.
IoT Cameras and Hardware Attacks
Cameras are not typically considered connected devices, so they are often overlooked as IoT security risk. However, IoT devices are highly susceptible to hardware attacks, either through a spoofed peripheral, or a network implant. Internet-connected IoT CCTV cameras are no exception. They can be used in a variety of ways to compromise an organization. A camera can be a target itself or serve as a conduit for future hardware attacks.
DDoS Attack
CCTV cameras can be exploited to conduct distributed denial of service (DDoS) attacks. These attacks not only cause major disruptions but can also act as a distraction for other, more damaging attacks. In 2018, the Mirai malware targeted IoT CCTV cameras to turn them into bots, creating a botnet that caused a DDoS attack, which left much of the internet inaccessible on the US East Coast (source: The Mirai Botnet Explained).
Since IoT devices collect large amounts of data to operate efficiently, targeting an internet-connected CCTV camera can provide attackers with access to usernames, passwords, and even the camera’s location and time zone. Additionally, the camera can be used as an entry point to infiltrate the network, potentially exposing sensitive information. A 2017 report revealed that compromised CCTV cameras can even provide access to air-gapped networks. Thus, even the most secure networks are not immune to infiltration via IoT CCTV cameras.
Easy Entry into Buildings
By accessing the camera’s footage, hackers can determine the easiest way to gain entry to a building to carry out further hardware attacks on an organization. The footage can highlight the areas with the fewest guards, when the premises is emptiest and where certain assets are located. Alternatively, perpetrators can manipulate the footage being displayed – either showing a black screen or replaying old footage. This can allow them to gain physical entry to the building without being noticed or identified. Moreover, it can be extremely useful when attempting to conduct additional hardware attacks since physical access is required.
Furthermore, since some cameras allow for two-way communication, the attacker can instruct an employee with insider privileges to conduct an attack via the camera. This can be either as a result of blackmail, or a disgruntled employee looking to harm the organization that wronged them.
When using IoT CCTV cameras today, one must ask: am I using this camera to monitor others, or are others using it to monitor me?