Hacked Off

Hacked Off

7 ways to protect security cameras from hackers

  • By Tom Galvin
  • Sep 01, 2017

The digital writing is on the wall for the physical security industry. We’ve recently witnessed some of the biggest distributed denial of service (DDoS) attacks in history, facilitated by devices such as network security cameras. Yet while our industry is fairly good at anticipating and reacting to new physical security threats, we’ve been very slow to react to the clear and present danger from cybersecurity attacks.

There are myriad reasons for this, including lack of knowledge about how to properly secure cameras. So far, the camera attacks have been focused on disrupting the business of those other than the camera owner. With code floating around the Internet that breaks into poorly protected cameras, how long will it be before hackers modify that code to attack the camera’s owner?

What has become obvious in the last year is that simple devices such as security cameras must be installed and administered with cybersecurity in mind. Fortunately, while the risks are real, it doesn’t take a CCNA certification to apply cybersecurity defenses. Here are seven simple measures to take to protect your cameras, your network, your revenues, and your reputations.

Change Your Passwords

Many installed cameras are still using the manufacturer’s default passwords. Many others have weak passwords that are easy to guess. Hackers can easily exploit this by writing programs that try a list of default and common weak passwords very quickly, hoping to stumble on one that works.

Isolate Your Cameras

If criminals can’t talk to your cameras, they can’t attack them either. Do not put them on the corporate network with all of the other PCs and Workstations. Isolate them with a Virtual LAN (VLAN). Only the Video Management System (VMS) should be able to talk to them.

Lock Down the Network

Hackers can gain access to any camera on your network by unplugging any camera and replacing it with a laptop. Thwart this by configuring the network so that the only devices allowed to communicate over those ports are the cameras you installed. Each camera has a unique identifier called a MAC address. A network can be configured to only allow a certain MAC address on each port (a feature called MAC Binding). With this in place, all communications from other devices get thrown away, and the hacker gets a dead connection.

Use Two Logins for Each Camera

IT departments discovered a long time ago that computers should use at least two logins: a user with a minimal amount of privileges and an administration login with full privileges. This separation of users minimizes the chances of a frequently used login falling into the wrong hands. Cameras should be set up the same way: one login used by the VMS that allows for streaming video only, and an admin login that is only used on rare occasions, such as needing to update firmware.

Monitor for Unusual Events

Hacking often leaves signs. If a hacker unplugs a camera for nefarious purposes it will, of course, go offline. That said, the hacker may try to plug the camera back in, so you should regard even a short outage with suspicion. If a new set of firmware is uploaded, the camera will reboot.

Viruses often place a load on the camera and reduce performance. You might get lucky and notice one of these during your normal use of the system, but good security takes more than luck. The best practice is to set up the system to monitor for events like these with immediate notification.

Purchase Cameras from Reputable Companies

There is much concern over the security of certain brands of cameras. Most certainly, checking the “cyber reputation” of any system component vendor should be on your checklist prior to a major purchase. Look for vendors that have a public reputation for attention to proper cyber aware design. They should respond rapidly to any issues.

If you already have a significant investment in cameras from a less than trustworthy vendor, following these best-practice recommendations will significantly lower the risk.

Apply Automation

Automated cyber protection mechanisms can make the administration of these best practices scalable and automated. On the front end, automation tools can configure best practices such as enabling a protected VLAN for the security system and changing a camera’s default login credentials. Once the system is installed, automated cyber protections can also monitor network flows, detect abnormalities, and respond immediately to suspected attacks.

Don’t wait to be attacked to take proactive cybersecurity measures.

This article originally appeared in the September 2017 issue of Security Today.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

Most   Popular

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.