This post is also available in: עברית (Hebrew)
The number of video security cameras is increasing every hour and everywhere. Private people and organization want to have their eye on their property and organizations. But these security cameras are in many cases a two-way street that can cause harm to the people that have installed them in an effort to be more protected.
“Video security data is increasingly connected across local and global networks. A growing number of cameras send their data to core components servers over the Internet, where digital intruders and hackers just wait for an opportunity to attack,” explains Amnon Cohen, CEO of Ledico that represents the German company BOSCH, a major manufacturer of advanced security video cameras.
Cohen says that even a single weak link in a video security system can jeopardize an entire system. For example, skilled hackers can stage so-called man-in-the-middle attacks, hijacking communications between a camera and video management system (VMS).
“Once hackers have access, they can inject an alternate video feed to conceal illicit activity, or manipulate live camera footage to selectively remove certain details or persons from the scene”.
Such attacks happened in many places and many others have not been reported. To counter the risk of hackers getting access to a video system, BOSCH has developed a four-step approach that considers the entire video security infrastructure.
This defensive approach is based on a few components – assigning every component in the network an authentication key, encrypting it at the hardware level, and using a cryptographic key that is safely stored in a unique built-in Trusted Platform Module (TPM).
Cohen says that there are reports of hacker attacks on entire security video systems that caused organizations to stop functioning. “Some of these incidents happened in places that one could have expected that their video systems were secure.”
In recent years, BOSCH has invested huge sums to develop defensive layers that will make it hard for hackers to penetrate video systems. The main layers are a password enforcement at initial set up, disabling 3rd party software and firmware updates via manufacturer signed files only.
The secure video systems developed by the company find their way also into the growing number of autonomous vehicles under development.
“When a car travels autonomously at a high speed, the video camera which is the main sensor must be protected at the highest level,” Cohen says.
In recent years, there were reports on “Back Doors” that have been found in video cameras that were made in Asia. Last year, it was exposed that over 100,000 internet-connected security cameras contain a “massive” security vulnerability that allows them to be accessed via the open web and used for surveillance, roped into a malicious botnet, or even exploited to hijack other devices on the same network.
“The surprising fact is that you can find cheap unprotected cameras in sensitive places. It seems that even in such sites the people in charge are not aware of the problem,” Cohen added.
According to Dorit Guterman, Ledico’s Technologies Manager, the defense against cyber threats is certainly a process and not a one-time incident. Therefore, it is also important to create a supportive organizational culture and an established concept backed by the most suitable and advanced technological solutions.