How to hack CCTV cameras (10 hacker secrets)

In movies we see several people hacking security cameras as if it were something very simple. So I decided to write about how to hack security cameras. If you want to know the hackers secrets, keep reading...

hacker with hoodie working with computers

There are a lot of tools and tutorials on how to hack home security cameras or even professional cameras, so you need to learn how to protect them.

If you install security cameras and DVRs, be aware that you are at a high risk of being hacked by software that are automated to scan for vulnerabilities.

It's important to be aware of how an attack to your security camera works, so you can better protect the surveillance systems you install for your customers. Time to learn some secrets used by hacker.

Secret #1:  Changing the default password of the DVR or IP camera does not guarantee that the device is 100% protected against hack attack and intrusion.

That's right, in most cases technicians and installers feel safe because they change the IP camera or DVR's default password to another password that seems safer and will ensure that a hacker can't gent into the system. This may help a bit, but it does not solve the problem.

Even DVRs and IP cameras that had their passwords changed can be victims of attacks that allows the hacker to gain access to the device.

A security camera has an internal operating system, as well as other programs that may have vulnerabilities known to hackers that will exploit them to gain access to the system and bypass the user/password.

Hikvision Hybrid DVR

Secret #2: There are thousands of DVRs and IP cameras scattered around the world that have security issues and vulnerabilities.

Nowadays it is very easy to own security cameras and DVRs at home because those device are being sold everywhere with smaller prices.

With this customer demand, many manufacturers have come up with new IP cameras and devices without care too much about the vulnerability details They simply sell a massive amount of DVRs and security cameras that are installed in homes and small businesses worldwide and are never updated.

hacker typing on laptop to hack camera

Once these devices have left the factory and been installed on the customers facilities, they are ready to be hacked by hackers around the world.  Just connect them to the Internet and they are at risk.

Again, remember that changing the password does not solve the problem when there is a known vulnerability in the device operating system.

Secret #3: Lack of deeper knowledge of technicians and installers makes attackers life easier

Take a look at some forums on the Internet and you will find a lot of discussion about installing DVRs and security cameras everywhere. There are people who believe they are very smart and don't want to learn more.

It's common to read things such as "Those amateurs don't know what they're doing, I always change the default password for the security cameras I install to my clients, I'm good enough to never be hacked".

arrogant man

The same technician who thinks he knows everything about security, minutes later is advising another person to not worry about learning about security camera remote viewing configuration, because there are easy methods out there created by the device manufacturer. Things like P2P remove viewing software or DMZ configuration on the router.

Using a DMZ for instance brings a potential danger to the IP network, especially if you don't know exactly how this technology works.

This behavior of making things the easier way opens the door to hackers that understand the flaws of a bad configuration. So, if you are a security IP professional and really understand what a DMZ is and how to use properly, that's OK, go ahead and use it, otherwise don't take the risk.

Secret #4: Unbranded devices help proliferate the vulnerability of security cameras on the Internet.

Wow,  that unbranded DVR is so cheap, isn't it? You can buy it easily at any store and everybody is doing that, so maybe you  could do the same.

The problem is that once installed, some of those equipment never get updated and the security vulnerability stays there forever...

Well, this DVR is now an open door to hackers and you can not do anything about it because there is not even a phone number or a technical support team you can get in contact with to get a new firmware update.

The only thing you know about the DVR is that it has something written in the front part, so you can read the name: "H. 264 Network Recorder ".

H,264 DVR is not the brand

Buying unbranded equipment is one of the big reasons for this insecurity problem, H.264 is not even a DVR brand, it's a CODEC to compress video. You can learn more in the articles: How CCTV codecs work.

If you have a security camera or DVR from a well-know manufacturer such as Samsung, Bosch, Pelco, Panasonic, Clinton Electronics or even Hikvision or Dahua, you can pick up a phone, call somebody and solve your problem.

With unbranded devices is hard to talk to someone from the technical support team, since most of them don't have such service and once you buy the equipment you are on your own.

Secret #5: People don't upgrade the firmware, so it's easier to hack the security camera

How many times does your customer (or you as a customer) decide it's time to check if the IP camera or DVR needs a firmware update? This is very rare.

Once installed, DVRs or IP cameras will be stay forever without the updates that can solve the security flaws that are discovered by hackers around the world.

Camera firmware update

Secret #6: The hacking is automated

If you think that a hacker sits there in a chair focused on the task of get into your DVR trying all kind of password guessing all night long, your are completely wrong. After exploiting the security flaws, automated programs are created that search for systems with vulnerabilities all over the Internet.

Binary code automated software

A good example is the Mirai, a virus created to get into systems connected to the Internet to later use as a source of attack to sites that hackers wish to shutdown with a DDOS (Distributed Denial of Service) attack.

It's just like having an army ready for war, and your IP camera or DVR can be one of those "soldiers" that Mirai uses to start an attack.

You IP camera or DVR could be infected right now, don't you think ?

Secret #7: Vulnerabilities are documented

Once security camera vulnerabilities are discovered, hackers spread the word collaboratively, there are communities and forums where they exchange information and share details that make life easier for colleagues who want to hack into systems and teach them how to hack security cameras.

Hacker documenting code

The documents are very well written with details of the flaws that have been found on DVRs and security cameras of various brands and models which are sold worldwide.

Secret #8: Hackers don't need to buy equipment

You may be wondering how it is possible for a hacker to discover the security flaws of all the equipment, after all there are thousands of brands of DVRs and security cameras on the market.

Will a hacker go out there buying DVRs from all different brands just to find out what are the vulnerability and how to get into the device?

In fact they do not even need it, because they can access the code used in the security camera or DVR by visiting the manufacturer's website and downloading the device firmware or by getting it from other hacker .

Once downloaded the firmware, he can open it and start working on checking the security flaws and of course, spread the news.

Secret #9: Discovering the vulnerability of one system can guarantee the attack of many similar ones.

In the market there is a network of manufacturer, distributors and resellers who market the same equipment with different names, ie a chip made in China can be used in many DVRs around the world. or even the DVR is sold unbranded and the final distributor places his logo on the product.

When hackers discover the vulnerabilities on a specific security camera chip that is widely used by others the news are spreads to the world and a lot of attacks can be execute in a short period of time.

Secret #10: Excessive trust in the brand or product

There is no product that is 100% safe, no matter what the manufacturer is.

Obviously the large manufacturers are more concerned to solve the security flaws, but the problems still exist even in their devices.

However, the fact that big brands are behind the products does not guarantee that they do not have security problems because there is a list of vulnerabilities even for giants like Samsung, Sony, Pelco, Axis, Cisco and Bosch, these manufacturers are always working to close the security breaches.

Unfortunately there are professionals who believe that when using such products it's not necessary to worry about security and end up relaxing in the procedures that must be adopted to reduce the risk of possible attacks.

How to keep security cameras and DVRs safe?

There is no 100% protection, however you can take some steps to improve the security of your DVR or CCTV cameras.

Here is a list of what can be done to prevent intrusions:

1. Use well-known and supported brands

2. Change the default password of your DVR or IP security camera

3. Swap the standard DVR or IP camera access ports

4. Update firmware when the manufacturer releases new versions

5. Avoid using DMZ to have remote viewing to the device

6. Separate the access network from the DVR or IP camera network

7. Use additional network security features such as VPNs

8. Use encryption between DVR or camera and remote device

9. Protect your DVR or IP camera with firewalls

10. Learn more about network security 

It is not so simple to ensure that a IP camera or DVR will be safe in a data network, this involves a deeper IT knowledge. Do not worry if you don't understand some of the terms used in this article,

The idea is that you can learn more and more about how to protect your DVR or security camera from the point of view of a professional in the area of computer networks, after all a hacker or programmer who develops viruses is exactly on that side, and even if they do not understand about security cameras, they certainly understand network security.

Be safe and click the buttons below to share this article

Tags: , , , ,