CCTV has changed the way we secure properties and ensure public order, providing an unprecedented degree of awareness for security professionals and deterring crime in the process. In PSI we have covered the security of security systems a number of times but does the technology really still have hidden security risks that companies and private individuals aren’t aware of?
As with many aspects of modern society, CCTV on a network can be as vulnerable to cyberattackers as any other connected device if best practice is not followed. That’s a problem in a society with a reliance on IP technology especially given the widespread adoption of DIY home security cameras fitted by the homeowner.
If you install closed-circuit security systems there may be risks involved that you need to know about. While CCTV certainly isn’t hopelessly flawed, these risks are important, and many manufacturers of professional cameras have recognised this with schemes such as Cyber Essentials and Secure by Default helping to provide protection.
IoT boosts the risks
For a long time, the major security issues regarding CCTV were pretty rudimentary. For example, when organisations stockpiled huge archives of material from workplaces and public spaces, external thieves or internal employees could steal these tapes and use them for nefarious purposes like blackmail. But according to experts we spoke to at VPNpro, today’s threats go further.
The major reason they say is due to the expansion of the Internet of Things. Modern security camera configurations, especially on self-installed cameras are connected to apps and central networks remotely via WiFi and Bluetooth. This is great from an operational perspective, allowing close control, automated alerts, customised analysis and archiving, and cost savings. But it’s also a security concern.
Interconnected systems and DDoS
The primary issue regarding IoT connected CCTV revolves around DDoS attacks. These attacks are intended to bombard targets with requests. As these requests mount, they effectively overload the devices concerned, taking them offline. If the attacking agent is concealed well enough, this can be very, very hard to eradicate, and restoring affected systems can take days.
Read the full article in the March 2020 edition of PSI magazine