This post is also available in: heעברית (Hebrew)

Security cameras are exposed to cyber threats, including information theft and privacy breaching. The cameras have become more and more vulnerable to breaches and hostile remote access. The security cameras have become part of complex platforms such as smart cities, while the greatest danger is, in fact, attacks against sensitive security organizations’ cameras.  

The Israel National Cyber Directorate at the Prime Minister’s Office has published its recommendations to decrease security cameras’ cyber risks. The document includes recommendations to private and public organizations as well as government agencies.

The use of sensors, WiFi camera networks or cameras with IoT components has become more and more widespread. IoT communication is an advanced communication among the devices, which enables information collection and exchange and allows connectivity.

The implementation of IoT-based technologies without using suitable security settings turns the cameras into target to attacks aimed at stealing and jamming data, spoofing, blocking, etc. Attack methods vary from searches for security cameras through queries regarding manufacturer’s names and default passwords, to using cameras or IP addresses and DDoS attacks.

The widespread deployment of the cameras at the organizational and private spheres might increase the exposure to security risks and unauthorized access to security systems, including the assailant’s interference with software update processes, etc.

Organizations are called to implement a risk evaluation process and establish a strict cybersecurity program. According to the document, a secured planning should take into account the following scenarios:

  • Risks from Iot components
  • Taking advantage of cameras infrastructures at end-points for penetrating organizational computer systems
  • Interference in MITM for unauthorized access to data
  • Online attacks aimed a paralyzing the system or access denial, and even creating an opportunity for a physical break-in
  • Information manipulation without the awareness of the system operators
  • Jamming or erasing documentation

The recommendations refer to the camera systems’ purchasing, installing and maintenance, isolating the camera in a closed independent network or defining a special VLAN, security settings, as well as instructions for preventing physical access to the cameras.