• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Internet of Things   »   Security of Home Surveillance Cameras

Security of Home Surveillance Cameras

  • Posted on:January 29, 2015 at 12:54 am
  • Posted in:Internet of Things
  • Author:
    Trend Micro
2

Home surveillance/security cameras have been available for quite some time, and can be used to keep track of one’s home, children, pets, or business.  These devices are, in some ways, the first exposure of people to the Internet of Things.

For most people, home surveillance means setting up a camera and using the Internet to access the camera feed in real-time. Higher end camera models can even be controlled remotely, making them useful for monitoring a large area with a single camera. This is a marked difference from previous iterations of home surveillance, which had restrictions or limitations in terms of accessibility.

Online and Open Accessibility

The older generation of security cameras required the configuration of the home router such as port forwarding, so that you can view the video feed remotely. While convenient, this set-up means that the camera is also accessible to pretty much anyone with an Internet connection.

There are websites that scour the Internet for Internet-connected security cameras. One such site is Shodan. By logging in to Shodan, a person can find a specific camera based on the brand and IP address.


Figure 1. Search results from Shodan

There are even sites that offer streaming videos of publicly accessible cameras. A now-inaccessible Russian site took advantage of default usernames and passwords to access and upload camera feeds online. According to an article by CNN, the site featured streams from 4,600 cameras in the U.S. and thousands more in 100 countries. A quick online search revealed the existence of other, similar sites. There are even mobile apps that provide real-time streaming from cameras across the world.


Figure 2. Camera feeds all over the world

Managing Access

Perhaps in a direct response of this issue, the newer generation of security cameras usually provides some form of cloud management and/or viewing functions.  Once configured, the camera communicates to the vendor cloud servers, allowing users to view the feed by logging into a web portal or by using mobile apps published by the vendor.

In this set-up, the camera communicates to the vendor cloud servers only.  Connections initiated from the Internet cannot reach the camera, as the home router blocks them.  The camera is more secure from activities like unauthorized remote viewing.

Vendor and User Security

Accessibility issues aside, another important issue for these cameras is data protection. Vendors should provide strong encryption for all data/video feed from device to cloud servers to protect user privacy.  However, we found that some popular camera brands are still lacking in their security implementation.

For example, the screenshot below is the packet capture between a D-Link DCS-932L camera communicating with the D-Link cloud server.  Certain traffic from the camera to the cloud servers is encrypted, but not all. There is still clear text communication over the Internet. Such an issue can only be addressed by the vendor, not the users.


Figure 3. Clear text communication between server and camera

The Importance of User Initiatives

While some issues can only be addressed by camera vendors, this doesn’t mean that users should rely on security features offered by the cameras. The existence of the live stream sites shows the importance of changing default login credentials and using strong usernames and passwords. Strong authentication should be also used for home networks, to avoid any unauthorized access.  Users can also refer to our entry, Security Considerations for Consumers Buying Smart Home Devices, for a comprehensive discussion on buying smart devices.

 

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: camerahome surveillanceinternet of thingsInternet of Things

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.