This post is also available in: עברית (Hebrew)
Cybersecurity professionals have warned for years that IoT presents potential safety and privacy concerns for consumers. Now there are widening concerns regarding the risk to US defense facilities.
Several widely available security cameras and wireless routers can be easily hacked to reveal customers’ video feeds online, researchers disclosed, according to inhomelandsecurity.com. There are also concerns that Chinese manufacturers could be embedding “back doors” into products at the behest of the Chinese government. The Wall Street Journal reported that a Chinese company called Hangzhou Hikvision Digital Technology, owned in part by the Chinese government, had made cameras that were used on US military installations in Afghanistan. Those cameras were removed from a list of approved cameras, and the Department of Homeland Security found a back door, giving the camera its worst security rating.
According to the report, equipment by Hikvision, which is the No. 2 seller of surveillance equipment in the US and is No. 1 in Europe, is also used to monitor the US Army base Fort Leonard Wood in Missouri; the Memphis Police Department also is a customer.
The risk in the worst case is that the company, perhaps at the behest of the government in Beijing, is able to access anything captured by the cameras. In a lesser scenario, hackers (state-backed or otherwise) take advantage of the flaws to hijack the system.
In fact, the Homeland Security Department identified one such vulnerability that could be exploited in such a way in some Hikvision devices, though the company says it has since patched the glitch, according to newser.com.
There are also allegations regarding other companies. ReFirm, a cybersecurity startup, recently claimed it discovered security flaws in Internet-connected products sold in the US by manufacturers TRENDnet, Belkin and Dahua. The company said they were able exploit weaknesses in the gear to access video feeds freely available on the Internet from people’s security cameras. For example, the report alleged that the cameras made by Dahua, a Chinese manufacturer, contain a hard-coded back door to allow outsiders to gain access to the feeds.
In an interview with the Wall Street Journal, a Hikvision executive said the company does not install back doors in its cameras and cannot access customers’ video feeds. Dahua is a close competitor to Hikvision in China. In its report, ReFirm said it thought the back door was added deliberately based on the way the code was written and the fact that it was programmed into multiple other Dahua products.
“This vulnerability is not the result of an accidental logic error or poor programming practice, but rather an intentional backdoor placed into the product by the vendor,” the report claims.
More about the latest technological innovations in the IoT field from the defense, security and law enforcement, smart city/safe city aspects can be found at the forthcoming IoT 2017 Conference and Exhibition organized by iHLS.
The event that will be held on December 25th, 2017 at the Lago Conference Center in Rishon LeZion will serve as a meeting point to all the leading members of the IoT ecosystem in Israel and abroad: experts, industries, startups and entrepreneurs, integrators, and officials from the defense and security, law enforcement and first responders sectors, and many more.
Booth/sponsorship/lecture: [email protected]