Bekir Kilic, Managing Director, PRO IT Pty Limited
Thousands of wireless IP cameras are vulnerable to remote attacks. At a recent security conference, researchers showed how to exploit the devices in “To Watch or Be Watched: Turning Your Surveillance Camera against You” and released a tool to automate the attacks.
Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions. In this case, it’s not just one manufacturer.
IP Cameras are embedded with a web based administration interface, which can be considered as a textbook example of an insecure web application and easily leads to an exposure of not only sensitive personal information (such as wireless network, FTP and even email access credentials), but also provides an eye to an inside of your house. Apart from the flaws in the web interface, the cameras also use questionable security practices when it comes to securing the firmware, which leads to even more interesting attack vectors.”
A website with indexing tools was able to link to over 73,000 unsecured security IP camera locations in 256 countries to demonstrate the dangers of using default username and passwords. The site, with an IP address tested from Russia, is further broken down into insecure security cameras by the well-known manufacturers, where some listed only as “IP cameras,” as well as NVR & DVRs. Over 11,000 of the links were to U.S. locations, more than any other country; one link could have up to 8 or 16 channels, meaning that’s how many different security camera views were displayed on one page.
There were lots of businesses, stores, malls, warehouses and parking lots, but it was horrifying to see the sheer number of baby cots, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.
HOW TO PREVENT IP CAMERA HACKING
Preventing your IP camera from being hacked comes down to six simple steps.
1. Secure your internet network
2. Password protect your cameras
3. Avoid port forwarding to your IP camera
4. Change the default password of your router
5. Update your camera with the latest firmware
6. Research online forums the model of camera for flaws
Before we get into the six steps, it is important to have some understanding about your connectivity. The vulnerable part of this process is a) the internet network you’re using and b) how is your camera footage is shared on the internet.
1. Secure Your Internet Network
If you’re using an IP camera at home, the ‘internet network’ refers to your home WiFi.
The best thing you can do to protect your internet network is to have a strong password and limiting the amount of people you give your password out to and this includes friends. Regularly change your password.
If someone has access to your home Wi-Fi, it’s not just your cameras you need to be worried about, but your computer and all its contents.
2. Password Protect Your Cameras
Most IP cameras come with software that is pre-loaded to make remote viewing possible. The problem is that when the software is loaded by the camera manufacturers, each camera is given the same default username and password.
While most people change the default password when setting up their camera, many don’t. This leaves cameras accessible to anyone via the internet, especially those with the same type of camera who know the default password.
3. Avoid Port Forwarding to Your Camera
The modem/routers comes with built in security that blocks certain applications from accessing your home network. Port forwarding is a way to tell your router what device or computers inside your home network of how the incoming connections should be directed. People choose to set up port forwarding for devices such as an Xbox, but when it comes to IP cameras it’s not recommended you do this.
4. Change the Default Password of Your Router
Just like your camera comes with a default password, so does your router. Again, most people change this password when setting up their home Wi-Fi.
5. Update Your Camera’s Firmware
Similar to an app on your phone, IP camera manufacturers will update your camera’s firmware from time to time with small enhancements. The problem usually arises when a camera manufacturer discovers a flaw that might expose the camera to hacking. When this happens, updating the firmware is strongly advised.
Updating your IP camera to the latest firmware version is different for every camera so it’s best to refer to the camera manufacturer. Check the website of your camera’s manufacturer and search for information on firmware.
6. Research Online Forums
Research online forums the model of camera for vulnerabilities to hacking and security flaws.