As of 2022, it is estimated that there are a staggering 7.3 million CCTV cameras in the UK. Along with the traditional street cameras we think of with CCTV, it is hard to find a home these days that doesn’t have a doorbell camera, baby monitor, pet cam or security cameras inside the house.
But what are the risks associated with CCTV, and to what extent can malicious actors exploit it?
A New Lens of Opportunity
Bringing surveillance technology into a private space presents countless benefits for people, protecting not only themselves but their assets. That’s why the likes of Amazon’s Ring doorbell – which now has more than 10 million users – are so popular. But cheap, simple CCTV designed for home use does not possess the same protection features as the surveillance cameras you will likely find in government facilities. The visibility of a CCTV camera might deter criminals, but for the cyber-savvy, it presents an opportunity.
If cyber-criminals hack a home security system, they can access multiple cameras’ video and audio footage. In fact, in 2021, after a dispute between neighbors, the Oxford County Court ruled that a doorbell’s ability to record sound more than 40 feet away violates the UK Data Protection Act. When this footage is accessed for the wrong means, it can have a devastating impact on its owners.
The Amazon Ring device is an interesting case study, showing that cyber vulnerabilities don’t necessarily come from the device itself. Last year, it was discovered that the Android app – which allows users to access footage from Ring video doorbells – had several bugs, which, when chained together, could allow attackers to create a malicious app to extract users’ personal data.
Entry Points and IoT
CCTV hackers use various methods to compromise systems, enabling cyber-criminals to gain unauthorized access and control. With access to footage, cyber-criminals can do a lot of damage – from learning a household’s daily schedule to plan burglaries to accessing financial or personal information to steal whole identities. Indeed, hackers could launch malware or commit social engineering attacks, blackmail or fraud by getting hold of sensitive data.
A big part of why CCTV hacks are such a threat lies in the multiple entry points available from IoT or cloud-connected devices. If your security camera company is subject to a data breach, your login details could be made publicly available, providing unfettered access to your network. And with each new device added to the network, cyber-criminals are presented with a new entry point to carry out an attack.
Deterrent by Design
The National Security Bill drafted in the UK last year outlined how the offence of unauthorized trespass now covers hacked CCTV images. While it’s a good thing that laws are being updated to make prosecution more effective, this alone will not stop cyber-criminals. Innovation is needed to combat hackers’ increasingly sophisticated tactics.
Cybersecurity in CCTV (and for all devices for that matter) must avoid internal leaks and weak spots while integrating proactive cybersecurity defenses from the hardware level to the external layers to build an ironclad defense.
The UK government-backed Digital Security by Design (DSbD) initiative is a step in the right direction, encouraging software manufacturers to build better security into their products before going to market. The initiative aims to secure underlying computer hardware by subsidizing critical innovations in this space, preventing most vulnerabilities from ever occurring.
Guarding Against CCTV Hack Threats
Ensuring that CCTV is protected requires a consistent framework across your entire cybersecurity defenses. There are steps that individuals, businesses and cybersecurity teams alike can take to ensure this is the case.
Simple cyber hygiene practices can go a long way in strengthening CCTV and other surveillance devices’ protection against hacks. In many instances, failing to change the general password given to your device upon receiving it can allow cyber-criminals easy access. In January 2023, one Chinese manufacturer recalled more than 4.5 million security cameras with easy-to-guess default passwords.
Also, users should always keep their smart home security systems updated with the most recent software and firmware updates, which are how manufacturers fix vulnerabilities and bugs.
Finally, as much as possible, ensure that systems are embedded with cybersecurity features at the hardware level, accompanied by a rigid zero-trust framework. This will ensure that your most critical data is secure.
Learning these basic steps should drill the message home to individuals and organizations on CCTV cybersecurity risk management – before it is too late.