By Dorit Guterman, Ledico Security Systems, Tomer Nuri, Team
Information and cyber security incidents can also occur via security cameras and other IoT devices. As a result, information security in security and video systems has attracted more and more attention. The discussion usually focuses on the potential damage to the organization's information systems and the threat of penetration of the organizational databases and core systems via the camera system. However, one should also take into account the threats to the video system itself and to the data accumulated in it.
Therefore, a defense policy regarding video systems should take into account several threats:
Infiltration of the organizational systems via the camera network – Considered the major threat, it refers mainly to the danger of business information being stolen from the organization's databases. Within this context, there is also the threat of the sensor and camera infrastructure being used to execute DDoS attacks within the organization or against a third party. Cameras can also be used to steal intellectual property or to install hostile code (scripts).
System shutdown or the prevention of access – Whoever breaks into the system is able to deny access and shut down the security cameras that monitor installations, people or assets. According to a recent report, in several incidents around the world, hostile elements took control of cameras, halted their operation and replaced their access passwords. In some cases these were ransomware attacks; in others, the attacks were aimed at jamming the security system and enabling a physical break-in.
Change in live video streaming – Unsecured cameras can be used by outside parties to change the live video without the system operator's awareness.
Jamming or deleting documentation – For the documentation to serve as forensic evidence, unauthorized access to the system must not be allowed. Proof of the recording's authenticity is a necessary condition for the evidence to be accepted in court.
Unauthorized watching – An intruder who connects to the cameras and watches the video might violate the privacy of the people filmed and might obtain intelligence regarding schedules, work procedures, business information, and potential physical vulnerabilities. The intruder could use this information for breaking in, stealing, or threatening a person.
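One way to make the alteration or deletion of recordings detectable, as the "Jamming or deleting documentation" threat above requires, is to chain a keyed hash over the recorded segments. The following is an added example, not code from this article or from any vendor; the key, the sample segments and the storage of the chain head on a system the recorder cannot write to are assumptions.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed chain start value (assumption of this sketch)

def _link(key, prev_tag, index, data):
    # Bind segment content to its position and to the previous tag.
    msg = prev_tag + index.to_bytes(8, "big") + hashlib.sha256(data).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(key, segments):
    """Return one tag per recorded segment; the last tag is the chain head."""
    tags, prev = [], GENESIS
    for index, data in enumerate(segments):
        prev = _link(key, prev, index, data)
        tags.append(prev)
    return tags

def verify(key, segments, tags, expected_head):
    """Check stored segments against the manifest and an off-recorder head."""
    if len(segments) != len(tags):
        return False, "segment count does not match manifest"
    prev = GENESIS
    for index, (data, tag) in enumerate(zip(segments, tags)):
        prev = _link(key, prev, index, data)
        if not hmac.compare_digest(prev, tag):
            return False, f"segment {index} altered, removed or reordered"
    if not hmac.compare_digest(prev, expected_head):
        return False, "recording truncated or manifest replaced"
    return True, "ok"

# Constructed sample data: three short byte strings stand in for video segments.
KEY = b"constructed-demo-key-not-for-production"
SEGMENTS = [b"segment-0 frames", b"segment-1 frames", b"segment-2 frames"]
TAGS = seal(KEY, SEGMENTS)
HEAD = TAGS[-1]  # assumed to be copied to a system the recorder cannot write to

if __name__ == "__main__":
    print(verify(KEY, SEGMENTS, TAGS, HEAD))
    edited = [SEGMENTS[0], b"replaced frames", SEGMENTS[2]]
    print(verify(KEY, edited, TAGS, HEAD))
    print(verify(KEY, SEGMENTS[:2], TAGS[:2], HEAD))
```

Because the key and the chain head are assumed to live outside the recorder, an intruder who controls the recorder cannot re-seal an edited or shortened recording without the check failing.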
Technically, each of these threats can materialize through the following methods:
Firstly, the use of malware to gain control of the system. This involves software code inserted into the system, for example by uploading a forged software update or by saving virus-infected files to the recording systems. As opposed to complex computing infrastructure, this environment does not require the discovery of a zero-day vulnerability: the infrastructure itself and/or simple code files (scripts) can be used to damage it.
The second method is an internal threat, i.e. the malicious use of authorizations. This could be done by a disgruntled former employee whose authorizations have not been revoked, or by someone who got hold of the identification details of an authorized user.
The third method is the physical theft or loss of an SD card or hard disk that contains the recordings, or of the camera itself.
Another method is a side-channel attack: a cryptographic attack that uses energy consumption or electromagnetic leakage to get hold of passwords and similar secrets.
Defense against cyber threats is a process, not a one-time event. Therefore, it is also important to create a supportive organizational culture and an established concept backed by the most suitable and advanced technological solutions.