Nowadays everyone wants to connect their CCTV system on the Internet to see everything remotely via computer, mobile phone or tablet.
The question is: "Is your CCTV system safe from hackers ?"
People install IP cameras, DVRs or NVRs, enable P2P, cloud, or whatever the new technology that manufacturers offer to make the customer happy with their new system. Easy, quick, isn't it?
All over the Internet there are discussions about how easy it is to connect a DVR to the Internet and give remote access without having to learn any configuration because the manufacturer has a super simple way to do it and blah blah blah.
The truth is that currently there are many devices connected on the Internet without any concern with security issues, customers have no idea what is going on, installers think these easy to set up devices are the best thing in the universe and cheap equipment manufacturers don't really care about DVR and cameras safety, they just want to make the customers and installers happy with an easy solution.
I've already mentioned another article about hacker intrusions to security cameras, it doesn't matter if you have a well-know camera brand or just an OEM non-branded camera.
In this article I will talk about another serious problem known as Malware, a type of virus that invades the device and can be used by hackers who gain remote access to the device,
Recently there is a major concern with one of these malware called Mirai which became very famous for using devices on the as routers, and especially CCTV cameras as a source of DDoS attack generation to servers on the Internet.
What is DDOS Attack ?
DDoS is the acronym for Distributed Denial of Service that is nothing more than a coordinated attack between several devices that request a service at the same time, that way the server can not respond to all at the same time and suffers an interruption.
It would be like a bunch of people coming to a hospital without actually needing to be treated, but it would take time for all the doctors and nurses present, and with that, those who really need the service could not receive it.
What is the relationship between CCTV and DDoS attack?
Simple, when invading the cameras IPs, DVRs or NVRs, these devices can be used to launch this coordinated attack to a target in the Internet. Imagine your DVR with part of a system that requests connection to servers and collaborates for the success of the attack,
See this table with an example of a list of passwords for CCTV equipment used by Mirai malware to gain access and infect the device.
These passwords are obtained from the manufacturers' own websites that have the information in their installation manuals.
Note that there are several brands of equipment, including large manufacturers that used standard passwords for equipment.
Many cameras now require the creation of passwords at the time of installation to avoid using the default password.
So we must be careful not to be part of this attack system, and we can avoid this by changing the default password, or better yet, using better equipment and having a constant firmware update to improve security.
Stay tuned for new firmware and try to use more reliable equipment, after all you do not want to have credibility problems, do you?
I recommend you to read the following related articles:
Time to spread the word, please just click in the link below to share
Claudemir Martins is a former Samsung Engineer with 15+ experience in the surveillance industry. He has been traveling around 17 different countries to teach people how to design, and install CCTV systems.