The real price of using “open” IP security cameras?
Whether the concerns arise from foreign-owned manufacturers compromising CCTV devices, or from CCTV devices being compromised by any attacker, media reports highlight the inevitable risks of using generic open-source services and libraries in an 'unattended' security appliance such as a camera.
This is, of course, made far worse when there are fixed 'back door' root shell passwords or, nearly as bad, widely publicised generic default passwords, which give users the entirely false impression that their products are protected.
The NetVu software philosophy for some years now has been that such default passwords are very dangerous, and that clear warnings presented to the user about unprotected accounts are a far better way of creating user awareness of the issue. There are further safeguards as well, which limit the scope of accessibility until passwords have been configured.
It is vital that a multi-tiered approach is taken to CCTV security. Segregation of networks is a key element, ideally with no direct network routing from camera endpoints to the corporate network or the public internet, together with access permissions and stringent firewall services.
The current 'default' VMS-driven approach has been woefully lacking in addressing these fundamental points. The principle has been that a central Video Management System provides camera configuration and management credentials, but the individual cameras are then accessed directly by users. Equally, the storage solution, an NVR or similar, accesses the IP cameras directly over the network.
The very fact that users and appliances communicate directly makes for a more troublesome firewall configuration (if one is applied at all), as there is implicitly a path between every user and every device, even when those devices are located in insecure locations outside the building.
Some have adopted the solution of installing a separate CCTV network completely isolated from the main network,
physically and operationally. This must surely be a retrograde step which fails to leverage the benefits of centralisation,
and falls short of properly addressing the base technology architecture.
Since the early 2000s users have safely accessed networked CCTV systems made up of analog cameras through a single controlled IP address. But this poor attempt at a solution for systems based on IP cameras leaves the user with less access, and fails to leverage any benefit of the IP infrastructure. Even with IP, surveillance solutions are still often referred to as CCTV.
The 'Closed Circuit' in CCTV referred to the direct closed link between the camera and the security system, even though the video formats were the same as broadcast television, and this element has largely been disregarded in IP surveillance solutions.
For some years now, the NetVu Connected software has contained a secure, hardened IP management layer which automatically creates secure VLANs, fully segregated from the corporate network on a non-routable sub-network; all access between users and the images is then achieved only through very specific gateways that can be managed and controlled to limit any cyber attack.
This Closed IP 'hardened' management layer has been applied over and above a conventional IP infrastructure in order to provide the same specialised security protection that Closed Circuit achieved in analog CCTV.
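The segregation principle above (cameras on a non-routable network, user access only through a managed gateway) as an added illustrative example, not code from NetVu or any product: a small Python model of the forward policy an inter-VLAN Linux router would enforce, using constructed addresses, together with the equivalent nftables chain it describes.

```python
"""Policy model for the segregated camera network described above.

Addresses are constructed for this example (not NetVu's):
  corporate users  192.168.10.0/24
  camera VLAN      10.99.0.0/24   (non-routable beyond the gateway)
  image gateway    10.98.0.10     (the single managed access point)
"""
import ipaddress

CORP_NET = ipaddress.ip_network("192.168.10.0/24")
CAMERA_NET = ipaddress.ip_network("10.99.0.0/24")
GATEWAY = ipaddress.ip_address("10.98.0.10")
GATEWAY_PORTS = {443}        # only service users may reach on the gateway
CAMERA_PORTS = {80, 554}     # only camera services the gateway may use


def decide(src: str, dst: str, dport: int) -> str:
    """Verdict for a *new* flow crossing the inter-VLAN router (default drop)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Users reach images only via the gateway's published service.
    if s in CORP_NET and d == GATEWAY and dport in GATEWAY_PORTS:
        return "accept"
    # Only the gateway may talk to cameras, and only on the listed ports.
    if s == GATEWAY and d in CAMERA_NET and dport in CAMERA_PORTS:
        return "accept"
    # Everything else is dropped, including any flow a camera initiates:
    # no direct user-to-camera path and no camera-to-corporate/internet path.
    return "drop"


def _ports(ports: set) -> str:
    return "{ " + ", ".join(str(p) for p in sorted(ports)) + " }"


def render_nft() -> str:
    """Equivalent nftables forward chain for a Linux router between the VLANs."""
    return "\n".join([
        "table inet cctv {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        f"    ip saddr {CORP_NET} ip daddr {GATEWAY} tcp dport {_ports(GATEWAY_PORTS)} ct state new accept",
        f"    ip saddr {GATEWAY} ip daddr {CAMERA_NET} tcp dport {_ports(CAMERA_PORTS)} ct state new accept",
        "  }",
        "}",
    ])


if __name__ == "__main__":
    print(render_nft())
    for flow in [("192.168.10.20", "10.99.0.7", 554), ("10.99.0.7", "203.0.113.9", 443)]:
        print(flow, "->", decide(*flow))
```

A camera that has been compromised still cannot reach the corporate network or the internet under this policy, which is the 'enemy within' scenario the article warns about.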
However, when generic operating systems and services are used without specific protections and review, as they are in 'cheap' and even so-called 'reputable' IP cameras, the systems become vulnerable not just to surveillance-oriented attacks but to generic botnet attacks that could turn your own IP camera devices into a wider 'enemy within'.
The drive for open standards and interoperability, championed by ONVIF and others, exists only for commercial supply-chain convenience, and in fact runs directly contrary to the needs of overall security.
The use of generic services, and on occasion 'root level' back doors, which are common among many manufacturers, means that devices can be compromised in a totally generic manner, with no specific knowledge of that particular device's operation or architecture.
Rather than simply using generic services that leave a massive range of attack vulnerabilities open, manufacturers should implement their own 'Command Line Shell' structures limited to the relevant needs only.
As a minimum, a customised additional protocol layer should be applied to any service that allows access, exposing only those services and functions that are explicitly required. This is in contrast to the complete freedom provided by, for example, a Linux 'bash' shell, which allows the installation of malicious firmware, the alteration of access credentials and complete system access.
While any solution can be hacked with sufficient time and knowledge, all that 'standardisation' such as ONVIF has created is a platform whereby a single hacking tool, whose creation is assisted by masses of public information and open-source software, can compromise the majority of cameras using the same techniques.
Having to create individual tools for each family of devices, and the reduced return on doing so, is a far greater impediment to the widespread availability of such tools.
For some time, poorly controlled IP surveillance devices have represented a grave risk of becoming the 'enemy within'. The rise of often randomly deployed 'Internet of Things' (IoT) devices, also shipped with default user credentials, will make this situation even worse: they share the same basic operating and interface structures as other IP devices, so the scope for your IP surveillance devices being 'recruited' and compromised as part of a botnet is increasing daily.
All manufacturers should be promoting well-defined, easy-to-implement defensive solutions as an implicit and fundamental part of their offering, to protect both the user and the IP appliances themselves from any such attacks, whether originating from a foreign-power-owned entity or any other cyber attacker.
Any solution that relies on or offers generic corporate IP addresses to individual IP surveillance appliances should be treated with the highest level of caution, and this applies to the vast majority of VMS-based solutions on the market.
NetVu Connected and Closed IPTV, embodied in Dedicated Micros products, have described the way forward for some years now, but a mistaken and often falsely propagated perception of non-standard protocols and 'closed architecture' has blinded many to the critically important risks and challenges that should now be addressed in even the entry level surveillance
Ongoing media attention brings these issues into focus, and users should take action now to review their systems and deploy safe and secure IP systems which do not contain the vulnerabilities described in this article.
NetVu Ltd is a British developer which sells, supports and warrants all products of Dedicated Micros, FireVu and TransVu in EMEA.