Security expert: high-end surveillance cameras can be used by hackers to spy on sensitive facilities
By End the Lie
A U.S. security expert who worked as a software developer for the National Security Agency (NSA) in the past has revealed that the type of high-end surveillance cameras used in military bases, prisons, banks and industrial facilities can be remotely accessed by hackers.
Given the growing CCTV industry and the increasingly widespread deployment of surveillance cameras in major cities, residential neighborhoods and even on private property, this report leads to some troubling possibilities.
Craig Heffner, who now works for a private security firm, has said that he identified currently unreported bugs in major digital surveillance systems which would allow hackers to spy on facilities or even gain access to highly sensitive computer networks.
“It’s a significant threat,” Heffner said in an interview with Reuters. “Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.”
The equipment includes products from major corporations like Cisco, D-Link, TRENDnet, IQInvision, Alinking and 3SVision, according to Heffner.
Heffner will reportedly examine some of the so-called “zero-day” vulnerabilities during his talk, “Exploiting network surveillance cameras like a Hollywood hacker,” at the upcoming Black Hat hacking conference, starting July 31 in Las Vegas.
Heffner will also demonstrate a proof-of-concept attack which would allow a remote hacker to freeze and modify video streams from these cameras “in a true Hollywood fashion.”
Other talks at the conference will cover threats to various operating systems used by Apple and Microsoft along with everything from mobile phone networks to medical devices and industrial plant control systems.
Hundreds of thousands of surveillance cameras can be accessed via public internet, according to Heffner, who currently works for Tactical Network Solutions out of Columbia, Maryland.
All of these cameras are apparently vulnerable and, quite interestingly, Heffner said he has not discussed his research with the camera manufacturers and does not plan to before his presentation.
Cisco, D-Link and TRENDnet told Reuters that they would take any appropriate action necessary to secure their surveillance systems after Heffner’s presentation.
The conference is expected to bring in around 6,500 security professionals to hear over 100 talks.
I’d love to hear your opinion, take a look at your story tips and even your original writing if you would like to get it published. Please email me at [email protected]