IP cameras – a criminal invitation

Companies and home owners are turning to webcams to increase their on-premises security, but as they use the Internet protocol, they can be easily hacked if they are not properly secured.

Companies and individuals are increasingly turning to webcams to help secure their premises. However, these high-tech solutions typically use Internet protocol (IP), an open standard, to connect back to control rooms. Like all open standards, IP can easily be hacked – if not properly secured.

Let’s take a recent example from last year: a Texas couple’s babycam was hacked by a repeat offender who used the device to curse and say sexually explicit things to their sleeping two-year-old daughter. (The child was born deaf, so was not disturbed by the hacker’s bizarre outbursts).

In March this year, hacker Jared James Abrahams, received an 18-month jail sentence for hacking into the webcam of Miss Teen USA, Cassidy Wolf. Abrahams did this sort of thing regularly, using nude photos to blackmail girls to send him more pictures or undress for him on Skype.

And, just in case you don’t have the skills to do the hacking, the Web abounds with help. YouTube has a four-step instruction video on how to hack into any live webcam, while WikiHow shows how to watch security camera streams on the Internet. These are just two examples.

At Hack in the Box, a 2013 security conference, researchers from a security firm, Qualys, said that Web-based administration interfaces for Internet-protocol webcams are “a textbook example of an insecure Web application” that makes personal information vulnerable. Respected publications like InformationWeek have reported on vulnerabilities inside well-known network video recorders which are used to record video from webcams.

In other words, the very devices people are relying on to provide a new layer of security are actually back doors that crooks can easily exploit,” says Philip Smerkovitz, Managing Director of TeleEye South Africa (Pty) Ltd, a CCTV remote monitoring and management consultancy. “This vulnerability is expected to grow as the smart office and home concept takes off, and webcams are used both to beef up security and monitor activity.

In response to this vulnerability, TeleEye has developed hacker-resistant IP cameras that use proprietary protocols to protect video streams. It is typically while the video is being transmitted that it is vulnerable to hackers. TeleEye’s video-streaming protocols offer one level of protection, as does TeleEye’s SMAC-M Multi-Stream video technology, which delivers efficient and effective bandwidth utilization. More important, TeleEye’s also uses AES 256-bit encryption, the technology used by the US government to protect top-secret information. Thus, even though the information is delivered via an open-standards platform, it remains impervious to outside eyes.

Additional security is provided by TeleEye’s pair-matching architecture. TeleEye software and hardware have individual identities, and only if software is registered with the hardware can it be used for video-surveillance function. Thus, even non-registered TeleEye software cannot access TeleEye hardware,”Smerkowitz explains. “Moreover, only users with designated IP addresses can access client’s security camera network,” he says.

* Follow Gadget on Twitter on @GadgetZA