City CCTV networks vulnerable to cyberattacks
Mon 1 Jun 2015
Public CCTV and security surveillance networks are vulnerable to hacking attacks, according to recent findings from cybersecurity research group Kaspersky Lab.
Designed to protect civilians from crime and terrorism, city video surveillance systems could easily be misused by third parties who exploit configuration flaws to access data recorded by the security cameras said Kaspersky.
CCTV systems usually connect across a mesh network through which data travels along a series of nodes to a central control centre. “Instead of using a Wi-Fi hotspot or wired connection, nodes in such networks simply transmit data to the closest node which transmits it further through other nodes right to the command centre,” explained lead researcher Vasilios Hioureas.
Kaspersky warned that the majority of camera systems use no encryption at all, or if encryption tools are employed they are not being used correctly. The cybersecurity firm underlined that this means that clear data is readily sent across the mesh network and freely available for anyone with access. Consequently if a hacker is able to gain access to a single node in a network, they would be able to observe and manipulate the data travelling through it, replacing real content with a fake recording for example.
“We undertook this research to highlight that cybersecurity also affects physical security systems, especially critical public systems like video surveillance. When building a smart city, it is extremely important to not only think about the comfort, energy and cost efficiency that the new technologies will bring, but also about the cybersecurity issues that might arise,” said Hioureas.
The malware analyst also noted that the findings would be useful for those city authorities who have already implemented and are looking to secure their mesh-network-based surveillance systems or for those considering installing new networks.
Kaspersky recommends Wi-Fi Protected Access as a minimum requirement to reduce surveillance system vulnerability and securing video data with public-key cryptography to stop hackers being able to modify footage.