Download PDF version Contact company

This question is key in today’s security world, when focusing on security cameras. As part of the IoT world, security cameras of today are playing important roles not only in the security area, but also in providing intelligence to accelerate operational efficiency and decision-making in many other business areas. As they become smarter and more complex, their cybersecurity risks also grow.

In recent years, the world experienced several examples of cybersecurity incidents with cameras, with the ‘Mirai Botnet’ as one of the most well-known examples.

‘Mirai Botnet’ malware incident

Mirai malware took advantage of insecure IoT devices in a simple but clever way

Mirai malware took advantage of insecure IoT devices in a simple but clever way. It scanned the internet for open Telnet ports, then attempted to log in with default passwords. In this way, it was able to amass a botnet army, using the computer power of millions of cameras with default passwords worldwide.

The Mirai Botnet took place in 2016 and, luckily, the cyber security of IoT devices has improved significantly since then. But, some things are still the same and/or cannot be changed. Mikko Hypponen, a Finnish cyber evangelist, is well-known because of his statement, “If a device is smart, it’s vulnerable.

He shows with this statement that all devices that consist of hardware and software, and are connected to the internet, are insecure (and therefore ‘hackable’). Athough, he made this statement some years ago, it is still true and very relevant, an example of something that hasn’t changed.

Complex systems are inviting for unauthorised hackers

Security cameras are IoT devices and, therefore, are vulnerable. They are also abundant on the market in a number of forms and are being designed, developed, and built by several producers from different countries. Current cameras are so technologically advanced that they come with lots of complex processes and computer power onboard.

These technological developments provide incredible innovative security capabilities, but also serious digital risks. The cameras consist of advanced hard- and software components that are produced both in-house and by third parties.

Importance of cybersecurity for cameras

Because of this complexity, such a camera can be seen as a kind of ecosystem on its own and it’s extremely challenging to protect it holistically against the things that could possibly go wrong in this ecosystem. A camera becomes an interesting and inviting attack surface for the ‘bad guys’.

Luckily, cybersecurity has also evolved in recent years and there are different kinds of digital security measures for cameras that can be applied by the camera manufacturers. But, this firstly requires willingness of the camera manufacturer to put effort and budget into the security of the camera itself. This becomes a key question in this discussion.

Cybersecurity ‘built-in’ instead of ‘bolt-on’

Cyber-attackers are very smart and sophisticated, but also very pragmatic

As stated before, all security cameras are vulnerable. However, it’s also true that the more difficult it is to hack a camera, the more likely it is that a cyberattacker will jump to another camera that’s easier to hack.

Cyber-attackers are very smart and sophisticated, but also very pragmatic. They prefer easy targets (if they achieve a similar result). A camera manufacturer that invests in building a cybersecurity foundation that ensures more cyber-resilient cameras, will become a less favorable target for those cyber-attackers, because they prefer to focus on cameras that generate the same results with less effort (in other words ‘easier to hack’).

Implementation of Secure-by-Design

All camera manufacturers and customers need to be fully aware that the more cyber-resilient their cameras are, the less interesting they are for unauthorised hackers to gain access. This cyber resillience requires serious cybersecurity investments in a solid foundation, and one of the most effective investments is the implementation of Secure-by-Design into the production process.

This means that cybersecurity is built-in during each phase of the production process and not seen as an afterthought when the camera is produced and implemented at the customer’s location. A good example of a Secure-by-Design production process within the IoT industry is the Hikvision Secure Development Life Cycle (HSDLC) as described in the Hikvision Cybersecurity Whitepaper.

Cyber resilience of IoT portfolio

Security Response Centre has cybersecurity professionals that handle security incidents

Besides the Secure-by-Design implementation, there are other cybersecurity investments that show the commitment of an organisation towards the fundamental cyber resilience of its IoT portfolio. A Security Response Centre is another example. This centre is a dedicated team of cybersecurity professionals that responds to and handles customer-submitted security incidents & security matters.

Call to action

So, a security camera is an IoT device and vulnerable for hackers that are looking for unauthorised access. But, it doesn’t have to be that way, because camera manufacturers can improve the cybersecurity of their IoT devices significantly as long as they take this task very seriously and are willing to invest in its fundamental building blocks of its cybersecurity.

Secure-by-Design and a Security Response Centre are just two examples of these investments. The question to consider is whether a company is aware of this and is willing to invest in cybersecurity. Because at the end of this story, it’s not necessarily cameras from one area or lower-priced cameras that will be breached, but cameras from those that don’t take product cybersecurity seriously.

Download PDF version Download PDF version

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...

Quick poll
What is the most significant challenge facing smart building security today?