Security Cameras: Risk or Reward?

Last week we shared the recent SD&I cover story about a potential ransomware attack on a security system.  If you missed it, you can read it here.

This brought on a number of questions about the safety of using security cameras in businesses and homes. One we often hear is:

“Can hackers watch me through my cameras?”

We always reply with, “Maybe, that’s why you should always be smiling!” We say that half-jokingly because the reality is, it's certainly possible. More often though, hackers aren't looking at you, they're looking at your information. Their goal is to leverage your camera as an access point to move in and around your network or further enhance an attack.

Just like any technology, you can’t put all products and manufacturers in the same basket. In the case of security cameras, everyone builds their devices differently with varying degrees of security baked in. Historically, camera manufacturers have had to minimize investment in building strong security features due to cost restrictions. And, let's be honest, it might just help to maximize profit.

In a recent example, F-Secure noted that Foscam IP cameras may have significant risks. 18 vulnerabilities in total, some of which may allow an attacker to view live video and control the cameras. If you have these cameras in your business or home, you might want to read the story. While we can't verify everything is patched up, the good news is Foscam has released a statement indicating new firmware is available.

That brings me to my next point: Just like computers, IP security camera systems have specific software and firmware installed on them that absolutely require updating.

Luckily, for your computer, when a new update is released, your system will usually automatically update or notify you and fix the security vulnerabilities. Or you'll hear from someone in IT. And as long as you put the updates through and reboot your computer, you should be in a safer place.

Your camera system is a different story.

When an update is released by the manufacturer to fix a security problem on a camera system, it isn’t so easy:

  • First, most end users simply aren't notified.
  • Second, if your system is on-premise (local), usually updates to devices and software are not done automatically.
  • Third, updates and patches can be tricky as they may end up causing conflicts to your camera software, and, most of the time need to be completed by a trained professional.  

If you've hired a professional to install your camera system, ensure they don't use default passwords. Also, see if they have a program where they'll perform ongoing security updates for you to help keep your systems secure.

If you've completed a DIY (Do-IT-Yourself) camera installation, then you owe it to yourself to research new updates/patches and apply them to your system. And please change the default login and password to something strong!

Testing your network for holes and vulnerabilities is a critical part of your cybersecurity program.

Make sure it includes your IoT devices, including those seemingly safe security cameras.

When you've done that, don't forget to smile...a little peace of mind goes a long way!

Stay Safe,
Your Friends at Launch Security

Subscribe to the Launch Security Blog: Cybersecurity in 60 Seconds