Surveillance cameras are supposed to protect assets and deter criminals, but they can easily become a liability if a hacker hijacks them. Luckily, if the organization has a robust security posture, this fate is relatively easy to avoid. What can information technology (IT) teams and business leaders do to secure these systems?

How Secure Is Your Surveillance System?

Many modern surveillance systems are constantly online to streamline data transmission and enable remote, real-time monitoring. This connection makes them vulnerable to cyberattacks. Cybercriminals can use the Shodan search engine to browse internet-connected devices until they find an open network port. 

If they can’t poke holes in the network’s security, they target endpoints. Regardless of the attack vector, they can cause considerable damage. At best, they rope devices into a botnet, which impacts performance and can cause malfunctions. At worst, they take control to exfiltrate sensitive data like facial recognition profiles. 

Bad actors could launch hypertargeted attacks to conduct corporate espionage or stalk individual employees. If they get control of cameras, they can see and hear everything people do, regardless of whether they are one building away or halfway around the world. 

These attacks have significant legal and financial implications. Despite the risks, many organizations lack proper controls. According to Statista, just 50% had compliance policies for IoT device security in 2022. Cameras tend to be a blind spot for IT teams because they aren’t seen as vulnerable as networks or data storage systems. 

Common Types of Attack Techniques

Online cameras belong to the Internet of Things (IoT), so they can be roped into a botnet after being infected by malware. This malicious network of devices spreads malware or launches cyberattacks, potentially implicating the owners in fraud or cybercrime. Alternatively, they may be targeted by denial-of-service attacks, preventing them from functioning correctly. 

Takeover attacks are also relatively common. Attackers exploit security weaknesses to hijack devices. Once they gain control, they can exfiltrate sensitive data and eavesdrop on conversations. Sometimes, they lie in wait to collect information for future crimes. For instance, they could watch the video feeds until someone unintentionally records their password.

Uncommon Techniques 

Sensor spoofing is less common, but still possible. Hackers can use radio waves to trick surveillance systems into misinterpreting data, rendering real-time object or facial recognition unreliable. 

Replay disarm signal attacks operate under a similar principle. If someone intercepts and retransmits a legitimate data packet, they can gain unauthorized access or force devices to misbehave. For example, they could copy a remote control’s “off” signal and then later rebroadcast it to turn the cameras off despite lacking legitimate controls.

There are countless creative techniques. One study uncovered a data transmission flaw that lets bad actors reconstruct high-quality video streams. It tested 12 off-the-shelf commercial cameras, most of which were vulnerable. Their internal components produce electromagnetic radiation, which bad actors can intercept to access encoded video in real time.

Why Are Cameras Susceptible to Attacks?

Many IoT devices have minimal built-in security features, making them susceptible to cyberthreats. However, human error and insider threats are also to blame. 

Unreliable Manufacturers

Companies often overlook their system’s origin. As the cybersecurity regulations manufacturers are subject to become more stringent, many are eliminating default credentials and improving built-in security measures. However, issues remain. 

In 2023, the BBC tested several surveillance cameras as part of its investigative documentary series, concerned that the proliferation of Chinese-made devices posed a security threat to British businesses and government agencies. It focused on Hikvision and Dahua — two of the leading surveillance camera manufacturers in the world. 

Some of Hikvision’s products contained a years-old vulnerability described as a “back door” the company had “built into its own products” by Conor Healy, the Internet Protocol Video Market’s director. As many as 100,000 cameras could be affected. While the company told the BBC it has and will never conduct espionage-related activities for any government, it is partly state-owned. 

Slips, Lapses and Violations

Human error is common. Whether an accidental mistake or a lapse of protocol occurs, employees can introduce weaknesses into the surveillance system. For example, if an IT team with competing priorities skips a patching deadline, a cybercriminal can quietly exploit a vulnerability and move laterally through the network. 

Ways to Secure Your Surveillance System

Business leaders, IT professionals and employees must work together to secure their surveillance systems. 

Modern Cameras 

One of the best ways to improve security is to upgrade legacy technology. Modern internet protocol (IP) cameras have built-in security encryption, multilevel user access control and VPN support with IP address filtering to secure systems. These features grant professionals precision control. Sometimes, they can limit access to specific video feeds or time periods.

Unlike legacy technology, modern solutions comply with new life cycle security regulations and are more likely to have dedicated teams providing software patches. Moreover, businesses with higher-quality systems can reduce device volume while maintaining visual coverage, shrinking their attack surface. 

Built-In Security

Network segmentation acts as a first line of defense, blocking lateral movement. Administrators can restrict traffic flow between subnets, setting up separate policies for each as needed. This approach improves cybersecurity by isolating and confining infected nodes. 

Since IoT devices are notoriously easy to exploit, decision-makers should implement additional security measures. Data encryption is essential to prevent eavesdropping and data theft. If data storage space is limited, they should prioritize those that may record sensitive audio, proprietary processes or biometric scans. 

Dedicated Teams

Having dedicated IT personnel patch software, upgrade hardware and monitor logs improves incident response time, minimizing cyberattack damage. Ideally, business leaders make cybersecurity a collaborative effort by fostering a culture of compliance. In areas where human error is too risky or common, they can leverage automation technology and routine audits. 

They should also consider which vendors and manufacturers they use, utilizing strict selection criteria to determine trustworthiness. Small business owners may be tempted to buy do-it-yourself kits to avoid the hassle and save money, but they are not as secure. 

Keep Cameras From Being Compromised 

Surveillance system security is not a one-and-done task — it requires ongoing effort. Collaboration is in everyone’s best interest, as a comprehensive safety net helps protect their personal information and can keep them from being spied on.