In this interview for Help Net Security, Camellia Chan, CEO at Flexxon, talks about the dangers of closed-circuit television (CCTV) hacks and what users can do to protect themselves.
More and more homes are being equipped with CCTV. While it can be very useful, it also poses numerous threats. What are the most common ones users can face?
Video cameras, or CCTV, are becoming a more and more widespread feature of life. In fact, smart home security cameras have become so popular, the global market is expected to reach $30.38 billion by 2030, according to the Straits Research’s “Smart Home Security Camera Market“ report.
It’s important to note that once information is captured on CCTV, it is no longer safe as any piece of technology connected to the internet is potentially vulnerable to cyberattacks.
Once inside a device, hackers can execute a variety of harmful actions that can have serious impacts on a person – or a business. From stealing video footage to launching harmful malware viruses, this type of hacking can lead to devastation that could potentially have long-lasting consequences.
The most common type of threat we see as a result of CCTV technologies are hacks resulting in stolen or lost data. For example, footage can be obtained by a cybercriminal, and they can scoop sensitive financial or personal information to cause a great deal of harm to an individual. How? Much like how law enforcement uses CCTV footage to identify criminals, cybercriminals can do the same. Plus, many cameras are also equipped with facial recognition technology, hacking into a server that stores and analyzes footage and data can give cybercriminals unfettered access to someone’s identity and any other information stored.
Additionally, there is a possibility hackers can access the microphone feature of some cameras to make unauthorized communication with individuals inside a property. This can be particularly concerning when minors are present.
What are the personal data cybercriminals can gain and how can this be a threat to users?
Information like medical records, credit card details, health insurance or even passports can be used to commit blackmail or fraud. Plus, cybercriminals can use this info to launch social engineering attacks (cyberattacks designed to manipulate individuals through interaction), conduct extortion, and much more. All attempts to target an individual are dangerous, what varies is the scale of impact. The danger can range from financial losses to physical harm, and even national security.
Are there physical threats for users?
Businesses face a wide variety of security threats, both online and offline. While many companies are aware of the risks posed by cyberattacks, internal data theft, and other digital threats, physical security threats to businesses are often overlooked. As long as IoT and CCTV devices can be hacked, accessed, watched and acted upon, danger is present. Hackers who gain access to home security cameras can monitor people’s private lives, an egregious violation of personal privacy that can result in burglaries, stalking, or home invasion.
Burglaries often result in someone becoming physically harmed, unfortunately. Another example could be a criminal having access to tampering with traffic cameras or doorbell cameras. That kind of hacking can lead to serious physical harm, such as traffic accidents, home invasions, and stalking. In severe cases, we’ve also seen criminals use this information to plan kidnappings and violent crimes.
How can CCTV devices be weaponized and what could be the consequences?
As long as these devices can be hacked, accessed, watched and acted upon, the danger is present. In the responses above, I’ve shared some ways that CCTV can be weaponized, including, hacking traffic cameras or doorbells, capturing personal details to steal identities, etc. However, another example we’ve yet to touch upon is CCTV footage manipulation. With the new and improved technology and software at pretty much everyone’s disposal, tampering with footage is easier than ever before. As such, cybercriminals can manipulate CCTV footage to alter criminal cases, outcomes, and more.
How can users protect themselves from CCTV hacks?
Like most cybersecurity threats, most CCTV intrusions are preventable. The rapid growth of connected devices means that it takes the whole village to secure our data. Everybody from the manufacturer to the end user and cybersecurity teams to vendors must do their part in maintaining the integrity of the devices. The companies providing these technologies and the individuals using them must use proactive measures like regular penetration testing, red teaming, or compromise assessments are essential – including hardware-based cybersecurity measures and adopting zero trust frameworks.
Minimizing human interaction is also critical as it helps to reduce the possibility of human error allowing hackers into the system through things like phishing attacks, etc. At the very least, organizations using these technologies should provide intensive employee education to keep the possibility of such errors at the top of mind.
At home, people who have security camera systems such as Ring or SimpliSafe should practice simple cyber hygiene techniques that prevent most breaches, starting with making sure the device they buy is from a reputable source and manufacturer. Plus, users should change passwords and usernames often, always use strong passwords, limit 3rd party access, and secure their home networks.