From various security reports on IoT botnets, we know that most digital video surveillance systems used by small and medium-sized businesses contain vulnerabilities and can be hacked. This article shades light on top reasons why IoT cameras are weak from a security perspective and provides ways to protect the video surveillance systems.
Once the digital video camera is connected to the Internet, it immediately gets an IP address and may start sending information about itself. Using this IP-address, any such device can be searched and found with the help of a “native” application or, for example, an IoT search engine like Shodan. Such a simple way of finding connected video cameras makes it easy for intruders to attack a video surveillance system when they want to put their hands on confidential information or modify important data.
Tip 1. To avoid easy detection of connected cameras by IoT search engines, many manufacturers allow users to access the web interface of the camera and turn off / hide the data about the manufacturer. After that, although the search engine can still find the camera, its make and model will not be identified, which in turn will make it much harder for the hacker to compromise the device.
Even if the IoT search engine can spot a camera on the network, this does not mean that it is possible to attack it successfully. The reason most smart cameras are vulnerable is often hidden in the human factor – excessive carelessness of users.
The fact is that when setting up a camera, people often leave the possibility of logging in using the default account name and password, for example – adminadmin. Moreover, since these parameters are the same for thousands and thousands of cameras and are well known to intruders, hacking is not difficult.
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by David Balaban. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/PnkboD5rLjQ/