On 8th March, researchers discovered that piracy of video surveillance systems was possible due to several flaws in some cameras. Many manufacturers simply take over white-labelled hardware designed by Chinese companies with little security look. A typical camera model is sold in large quantities by a Chinese company, then this model is resold by adding a home software with their brand. Thus more than 1250 models of IP cameras are concerned. The http interface is different for each of them, but they nevertheless share the same vulnerabilities.
Stand-alone cameras connected to a cloud are directly connected to the Internet. Their security holes were discovered over time and communicated to the public, making these cameras vulnerable. Software vendors are not able to guarantee the correct functioning due to firmware upgrades, including security updates. All additional software embedded in the cameras must be corrected or adapted by the third party publisher and then reinstalled. It is then likely to have to return all the stock of cameras to the distributor in order to perform the reinstallation or, if the cameras are still accessible online, to repair them remotely.
More than 6,000 cameras in France and more than 230,000 worldwide
In addition to a breach of privacy, these hacked access allows malicious people to see the presence of on-site personnel and steal access credentials. Through the IP address of the cameras, hackers can see the entire installation. To resolve this issue, all vendors have been alerted on the necessity to correct these vulnerabilities.
Some precautions to be taken
After buying new hardware, consider changing the manufacturer’s default password directly, have an expert monitor network traffic. Moreover, it is possible to block the internet access of its cameras.
The use of an intermediate box as ESI offers it with CAMLINK is a means of securing the Cloud link by an auto VPN installed. The hard drive capacities instead of an SD card also ensures the durability of the device over time.