Sunday, 9 November 2014

How many NSW North Coast businesses, post offices, police stations and local councils use Internet-enabled security cameras capable of being exploited?


When you walk into your local supermarket to pick up some breakfast cereal or the nearest council chambers to pay your rates do you ever wonder just how benign that security camera monitoring your movements actually is?

Have you any idea if the security camera you are thinking of installing at your business premises or above your front door at home is Internet-enabled?

What about that high-tech baby monitor by the cot?

Haven’t given it a thought? Well, perhaps you should.

These three statements were taken from the websites of companies which supply security cameras for homes, offices, shops etc.:

For highly reliable CCTV surveillance in any conditions, only trust professionally installed and tested products. Protect your property and assets with this trusted visual deterrent that gives you full monitoring and recording facilities. Watch from a central location, or remotely anywhere in the world via an internet enabled device.

Monitor your home or office with high quality MJPEG streaming video. Access, monitor and record up to 16 cameras from the Internet.

TRENDnet’s security team understands that video from some TRENDnet IP SecurView cameras may be accessed online in real time. Upon awareness of the issue, TRENDnet initiated immediate actions to correct and publish updated firmware which resolves the vulnerability.

It would appear from just these thee quotes that security flaws in Internet-enabled security cameras are not only possible but can be exploited at will and, video footage either live streamed or video snapshots posted on publicly available websites.

This potentially means administrative or sales staff and ratepayers or customers may at any time find live images of themselves beamed around the world - as would anyone who had such a camera set up inside their own home.

Cameras with a pan/tilt/zoom function just add to the fun to be had by anyone taking advantage of these security flaws.

If any of these surveillance systems are linked to audio, the privacy issues multiply because your conversations might also fly around the world for the listening pleasure of strangers. 

On 8 November 2014 The Canberra Times reported that; UNSW's Cyberspace Law and Policy Centre co-convenor David Vaile said people should think twice before using internet-connected security devices. "This is a great illustration of the illusion of security coming from surveillance and in fact you're getting the opposite, you're getting increase risk of unwanted and possibly quite hostile misuse of your information,"…

Currently over 900 Australian security camera feeds (along with many of their default passwords) are currently available at one website alone, including a 4 channel Hikvision camera at Evans Head and a 1 channel Foscam camera at Lismore.

Loved that stuffed animal in a yellow outfit, Evans Head! The office mascot perhaps?

Here is a list of just some of the vulnerable security cameras brands and associated software systems:

TRENDnet
D-Link
Cisco
Linksys
IQ Vision/IQeye
3S Vision
HD Network Speed Dome
TP Link
Vivotek
Hikvision
Foscam
Milestone
Axis

No comments: