A camera that is being hacked can be used both for network attacks as well as unauthorised monitoring or completely shutting down the video surveillance. So far, it has been relatively quiet regarding this topic, except for some accusations of lack of security in some Chinese camera manufacturers’ products. What is the main reason why cameras can easily be hacked? Like everything else, it is often actual operation that is the biggest problem; for example, passwords are often too simple and passwords are not changed. But also, the password procedure itself is a risk. Biometrics and ID solutions will most likely replace typed passwords in the future. Just take a look at how many banks have solved the problem in their network-based payment solutions. Two-factor authentication or multi-factor authentication will certainly also be used for security devices.
In the latest issue of the Detektor magazine (01/2017), we place the focus on the problem of securing data in video surveillance applications. The starting point is the big international buzz raised last autumn, namely the accusations made against the world’s largest manufacturer of video surveillance equipment – Hikvision.
The IPVM online forum and its charismatic editor, John Honowich, have been engaged in something that might be described as a hunt for Hikvision for a long time. Dumping prices has been a theme, but recently most attention has been put on Hikvision products being a cyber risk. The rhetoric has been fierce and merciless. Hikvision is accused not only of a lack of IT security, but potentially also of granting the Chinese government access to Hikvision cameras. An article in the British newspaper The Times also supported these arguments.
The attention on Hikvision increased even more when the VMS software manufacturer Genetec decided to disfavour Hikvision cameras by making new customers using Hikvision devices pay a special license fee, and making current customers sign a waiver so that Genetec cannot be held responsible if network problems occur because of Hikvision devices. Genetec’s CEO has given an exclusive interview to Detektor on why these measures have been taken. Also, Keen Yao, VP of Hikvision’s International Business Centre, responds to both the accusations and insinuations and gives his view on the matter.
Even if the accusations rest heavily on hypotheses or on information from unconfirmed sources and are not necessarily true, they should be seen as an awakening for the physical security industry. Cyber security is often a neglected area. Here, the physical security industry – including all levels of the security camera supply chain, must take responsibility. “A surveillance system can consist of hundreds of cameras and if one camera fails in security, you may lose the whole surveillance solution”, says IT security expert Mikael Simovits, who gives his view on data security and video surveillance in this issue. He is anything but impressed about the data protection in today’s IP cameras. He considers them very easy to hack and calls for a much higher level of security.
Cyber security, as well as the development of IoT – are something that will characterise many of this year’s upcoming editions of Detektor. There is a great need for information, which we intend to fill, focusing in on security applications.
It seems 2017 is already proving to be an interesting year for the security industry.