Over view

Securit y Cameras
3 Ways to Hack CCTV Cameras (and How to

Pr event It fr om Happening to You)

Acces s Control

Chris tine D zou

Sens ors

Res ources

Par tners

Reques

Log

Though advances have been made in recent years, many CCTV cameras
remain troublingly vulnerable to a ack. Malicious actors have developed
a wide range of techniques to circumvent security protocols and gain
access to video surveillance systems.

Some use very simple exploits (that take mere minutes), while others
prefer more sophis cated intrusions (that in ltrate even hardened
systems). Though their methods may vary, talented hackers can make
their way into your home security or enterprise surveillance network.
Once inside, they can use remote access to watch the world through
your cameras—or poten ally even take control of them.

Raising the bar on security is the whole point of installing CCTV

cameras in the rst place. So, these vulnerabili es largely defeat the
purpose of inves ng in a surveillance system.

TThe en re industry received a wake-up call to this reality following the

revela on in 2017 that more than half a dozen Hikvision brand wi
cameras were being accessed through a backdoor password reset aw.

The problem created embarrassing headlines (the hashtag #hakvision

circulated on social channels). And ICS-Cert, an agency within the U.S.
Department of Homeland Security, characterized the vulnerability as
“remotely exploitable” with a “low skill level to exploit.”
Despite this incident raising overall awareness, many organiza ons are
s ll woefully behind when it comes to safeguarding their camera
systems. To be er prepare, all enterprises should understand the
following three methods that are among the most commonly used by
criminals to gain unauthorized access to CCTV cameras.

Hack Method #1: Default Password Access

Anyone looking to break into CCTV cameras can start by simply looking
for its IP address online and logging in. By using engines such
as angryip.org or shadon.io, they can obtain that signature informa on
and begin trying passwords that will grant access to the wireless camera
itself or, if a router is a acked, en re security systems.

In theory, this should be di cult and IP security should protect network

data, but the shocking reality is that these passwords are o en iden cal
to the default factory se ngs provided by the manufacturer. In the case
of the Hikvision hack, it was known to be “12345” with a username of
“admin.”

Changing default passwords for a new security camera system should

be a no-brainer in this day and age. So the lesson here is to not
overlook the small details. All the rewalls and hardened network
protocols in the world won’t help if an unauthorized user can simply log
in with a commonly-used or factory-set password to gain remote access
to indoor outdoor surveillance.

Hack Method #2: Find the User ID

When CCTV cameras are harder to breach, malicious actors can instead
look for the user ID. This was easy to nd in a cookie value for
Hikvision. Hackers could then reset the account to take over and have
full run of the device, its hard drives, and perhaps the wireless security
system as a whole.

“While the user id is a hashed key, we found a way to nd out the user
id of another user just by knowing the email, phone, or username they
used while registering,” wrote Medium user Vangelis Stykas earlier this
year even a er Hikvision had worked to x its known aws.

“A er that,” the writer con nued, “you can view the live feed of the
cam/DVR [digital video recorder], manipulate the DVR, change that
user’s email/phone and password and e ec vely lock the user out.”

Hack Method #3: Finding Command Lines

A key aw in the Hikvision case was a “backdoor” command line of code

in the system that granted admin-level access when exploited.

Once this became common knowledge, the Chinese company recognized

and patched the aw. The patch was then included in subsequent
rmware updates for all its security cameras with known vulnerabili es.
Hikvision stated publicly that the code was a holdover from the tes ng
phase, which developers neglected to remove before launch.

Despite all the press in the security community, many operators never
bother to install the latest rmware onto their surveillance cameras. So,
this aw is an issue that even novice hackers will likely con nue to
leverage.

Understanding the Threat

Hikvision is not alone, but its failings showed that weak spots exist in
even some of the most widely-used indoor and outdoor surveillance
cameras on the market. This doesn’t mean that enterprises should
simply change the model of their wireless security camera and expect to
be protected.

Constant vigilance mixed with security intelligence is a powerful

combina on. All organiza ons should look to bolster these cri cal
components—both internally, and when it comes to partnering with
companies worthy of their trust. By working with vendors that put
security at the top of their agenda, you can rest easier knowing that
both the indoor and outdoor security cameras in your facili es won’t be
the subject of the next trending social media topic.

Many organiza ons are beginning to recognize that tradi onal CCTV
technology simply isn’t built for this new, connected era. Forward-
thinking companies are increasingly looking for revolu onary solu ons to
strengthen the safety and produc vity of their opera ons. Using the
latest technology standards to unlock the poten al of computer vision,
modern video security providers will be the ones that help their
customers solve real-world business problems—today and in the future.

To learn more about the future of enterprise video surveillance, check out our
latest eBook, which explores why security professionals are moving from
traditional systems to hybrid cloud solutions.

Tags
V iew All Tags

C C T V vs . Hy br id C loud C y ber s ecur ity C y ber attack

Chris tine Dzou

Chris ne Dzou is passionate about connec ng customers with innova ve

solu ons that solve real-world problems. At Verkada, she focuses on expanding
the company's digital reach and iden fying successful channels for opportunity
crea on.

Tr y Verkada For Free

Get a trial camera, risk-free for 30 days. We cover shipping both ways.

Get St ar t ed
 Nov

Fight These 3 Trends in ATM Fraud with Video Sur veillance

Technology

Idan Koren Nov 0 6 , 2 0 1 8

Criminals will always be working to nd a way around even the strongest

safeguards. But staying out in front and u lizing modern surveillance technology
in this ongoing ba le will help ensure that clients can access their money
without becoming the next vic m.

Read mor e

Nov

E nhance School Safet y in 5 Simple Steps

Chr ist ine D z ou Nov 1 5 , 2 0 1 8

School safety and security will always be challenging, but a few simple steps can
make it easier to create and implement a plan that protects those who work and
learn there.

Read mor e

P r oduct s

Solut ions

Resour ces

Company

Suppor t

US Number

+ 1 (6 5 0 ) 5 1 4 -2 5 0 0 (L oc al )

(8 3 3 ) 8 3 7 -5 2 3 2 (Tol l -Free)

UK Number

+ 4 4 (2 0 ) 3 0 4 8 6 0 5 0 (L oc al )

0 8 0 8 1 9 6 2 6 0 0 (Tol l -Free)

Latin A mer ica Number

+ 5 2 (5 ) 5 6 5 9 9 1 5 5 5

A us tr alia Number

+ 6 1 (1 8 0 0 ) 7 1 8 5 5 8

Facebook
Twi er LinkedIn
Youtube
link link link link
icon icon
Cont act Sales icon icon
Terms of Sal e Terms of Serv i c e Pri v ac y Pol i c y

© C opyri ght 2 0 2 0 Verkada Inc . A l l ri ght s res erv ed.