×

Cyber Security & IP Cameras: Everyone’s Concern

01/10/2018 News Articles

Everyone’s Concern

In the age of the IoT, no one wants to be the one who enabled potentially significant damage resulting from a breach. 

(Extract from article – follow link at bottom to review original)

In 2006, there were a mere two billion connected devices worldwide. By 2020, that number is projected to top 200 billion, according to Intel. That’s more than 25 devices for every person on Earth based on population forecasts. Cisco is more conservative, pegging the number at closer to 50 billion, which is still staggering.

 As a result of the rapidly expanding number of potential entry points for attackers, Juniper Research expects the cost of cybercrime to businesses will reach $2 trillion globally by 2019. At the same time, total cyber security spending from 2017 to 2021 is forecast to top $1 trillion, according to Cybersecurity Ventures. Yes, that’s trillion - with a T.

 IP cameras are particularly susceptible, says Jeff Whitney, vice president of marketing, Arecont Vision, Glendale, Calif., because many models were not designed to address this type of challenge, making them easy to hack or be used to do things users don’t intend to happen.
“When the shift came to IP cameras from legacy analog devices, most vendors moved versions of their existing architectures from analog to IP cameras, without considering the potential long-term impact on the organization,” he says. The network is no longer exclusively for the surveillance, access control,
and other physical security systems. Instead, it may be a segment of the overall corporate network or part of the corporate network directly, and as such any device that becomes infected — including security cameras — can become a propagator or vehicle for cyberattacks on other platforms and networks.”

The main reason for this is the common operating systems — in many cases, Linux — employed by many cameras and DVRs. This simplifies the process of adding features, shortens time-to-market, reduces manufacturers’ costs, and lowers purchase prices for end users.

“Today, however, we now know that this approach can expose the device to cyber weaknesses or exploits. Malware, worms, and hackers can use these exploits in their attacks,” Whitney explains.


SIDE NOTE: Since 2013, more than 3.8 million records have been stolen via security breaches every day. That translates to more than 158,000 per hour, 2,645 per minute and 44 per second for the last four years. — Nu Data Security

In addition to the well-publicized Mirai malware attack that in 2016 turned millions of IP cameras into bots used to attack a number of high- profile websites in some of the largest distributed denial of service (DDoS) attacks, there have been other examples of large numbers of IP cameras being breached.

Whitney points to a high-profile incident that saw a ransomware attack infect 70 percent of the Washington, D.C., police department’s video cameras citywide just prior to the inauguration of President Donald Trump. A total of 123 of 187 NVRs had their data encrypted, and the content could only be accessed if a ransom was paid to those behind a cyberattack. Luckily, the city was able to resolve the problem without paying ransom by taking all devices offline, removing all software and restarting the system at each site — a costly endeavor. 

“No device should be given access to the network without having a user ID and a 16-digit ASCII password, enabled after the device has been configured for use by the installer and turned over to the customer,” Whitney says.

SIDE NOTE: The average time a hacker remains hidden on a breached network is 140 days, during which time they may uncover additional vulnerabilities and steal sensitive data.
— Microsoft

No device should be connected to the network that has not been verified as having the latest firmware from the manufacturer.

“Regular updates of IT devices are common, but security practitioners are not as familiar with performing frequent updates of cameras as they should be,” Whitney says. “This new practice needs to be enforced as a best practice. Cameras that can be updated through a planned, secure process remotely and with multiple units at a time will make this process easier and less complex for the security practitioner.” 

Source: http://digital.bnpmedia.com/publication/?i=466410&ver=html5&p=56

MessagesTimelineExceptionsViews11RouteQueries4Models22MailsGateSessionRequest
7.4.33PHP Version77.88msRequest Duration7MBMemory UsageGET news/{slug}Route
    • Booting (45.89ms)
    • Application (31.74ms)
    • 1 x Booting (58.92%)
      45.89ms
      1 x Application (40.76%)
      31.74ms
      11 templates were rendered
      • themes.avc1.single (resources/views/themes/avc1/single.blade.php)2blade
        Params
        0
        post
        1
        categories
      • themes.avc1.layout.master (resources/views/themes/avc1/layout/master.blade.php)10blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        post
        6
        categories
        7
        __currentLoopData
        8
        category
        9
        loop
      • themes.avc1.partials.header (resources/views/themes/avc1/partials/header.blade.php)10blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        post
        6
        categories
        7
        __currentLoopData
        8
        category
        9
        loop
      • menuheader (resources/views/menuheader.blade.php)2blade
        Params
        0
        items
        1
        options
      • themes.avc1.partials.footer (resources/views/themes/avc1/partials/footer.blade.php)10blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        post
        6
        categories
        7
        __currentLoopData
        8
        category
        9
        loop
      • menufooter (resources/views/menufooter.blade.php)2blade
        Params
        0
        items
        1
        options
      • voyager::menu.default (vendor/tcg/voyager/resources/views/menu/default.blade.php)15blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        items
        6
        options
        7
        __currentLoopData
        8
        item
        9
        loop
        10
        originalItem
        11
        isActive
        12
        styles
        13
        icon
        14
        alerts
      • voyager::menu.default (vendor/tcg/voyager/resources/views/menu/default.blade.php)15blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        items
        6
        options
        7
        __currentLoopData
        8
        item
        9
        loop
        10
        originalItem
        11
        isActive
        12
        styles
        13
        icon
        14
        alerts
      • voyager::menu.default (vendor/tcg/voyager/resources/views/menu/default.blade.php)15blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        items
        6
        options
        7
        __currentLoopData
        8
        item
        9
        loop
        10
        originalItem
        11
        isActive
        12
        styles
        13
        icon
        14
        alerts
      • voyager::menu.default (vendor/tcg/voyager/resources/views/menu/default.blade.php)15blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        items
        6
        options
        7
        __currentLoopData
        8
        item
        9
        loop
        10
        originalItem
        11
        isActive
        12
        styles
        13
        icon
        14
        alerts
      • themes.avc1.partials.rocket-menu (resources/views/themes/avc1/partials/rocket-menu.blade.php)10blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        smallsliders
        4
        errors
        5
        post
        6
        categories
        7
        __currentLoopData
        8
        category
        9
        loop
      uri
      GET news/{slug}
      middleware
      web
      controller
      App\Http\Controllers\PostsController@show
      namespace
      App\Http\Controllers
      prefix
      where
      file
      app/Http/Controllers/PostsController.php:47-55
      4 statements were executed2.67ms
      avc_staging_db
      • select * from `categories`
        620μs/app/Http/Controllers/PostsController.php:17avc_staging_db
        Metadata
        Backtrace
        • 12. /app/Http/Controllers/PostsController.php:17
        • 14. /vendor/laravel/framework/src/Illuminate/Container/Container.php:843
        • 15. /vendor/laravel/framework/src/Illuminate/Container/Container.php:681
        • 16. /vendor/laravel/framework/src/Illuminate/Foundation/Application.php:785
        • 17. /vendor/laravel/framework/src/Illuminate/Container/Container.php:629
      • select * from `posts` where `slug` = 'cyber-security-and-ip-cameras-everyone-s-concern' and `status` = 'PUBLISHED' limit 1
        960μs/app/Http/Controllers/PostsController.php:51avc_staging_db
        Metadata
        Bindings
        • 0. cyber-security-and-ip-cameras-everyone-s-concern
        • 1. PUBLISHED
        Backtrace
        • 16. /app/Http/Controllers/PostsController.php:51
        • 19. /vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:45
        • 20. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:219
        • 21. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:176
        • 22. /vendor/laravel/framework/src/Illuminate/Routing/Router.php:681
      • select * from `categories` where `categories`.`id` = 2 limit 1
        520μsview::themes.avc1.single:26avc_staging_db
        Metadata
        Bindings
        • 0. 2
        Backtrace
        • 20. view::themes.avc1.single:26
        • 22. /vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php:59
        • 23. /vendor/laravel/framework/src/Illuminate/View/View.php:143
        • 24. /vendor/laravel/framework/src/Illuminate/View/View.php:126
        • 25. /vendor/laravel/framework/src/Illuminate/View/View.php:91
      • select * from `settings` order by `order` asc
        570μs/vendor/tcg/voyager/src/Voyager.php:238avc_staging_db
        Metadata
        Backtrace
        • 14. /vendor/tcg/voyager/src/Voyager.php:238
        • 15. /vendor/laravel/framework/src/Illuminate/Support/Facades/Facade.php:261
        • 16. /vendor/tcg/voyager/src/Helpers/helpers.php:6
        • 19. /vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php:59
        • 20. /vendor/laravel/framework/src/Illuminate/View/View.php:143
      TCG\Voyager\Models\Setting
      20
      App\Category
      1
      App\Post
      1
          _token
          axP6kcvA64nXbCuvkWX315N89myTmSZq6v5uT2aW
          _previous
          array:1 [ "url" => "https://avcstaging.arecontvisioncostar.com/news/cyber-security-and-ip-cameras-...
          _flash
          array:2 [ "old" => [] "new" => [] ]
          PHPDEBUGBAR_STACK_DATA
          []
          path_info
          /news/cyber-security-and-ip-cameras-everyone-s-concern
          status_code
          200
          status_text
          OK
          format
          html
          content_type
          text/html; charset=UTF-8
          request_query
          []
          request_request
          []
          request_headers
            0 of 0   
          array:24 [
  "cf-ipcountry" => array:1 [
    0 => "US"
  ]
  "cf-connecting-ip" => array:1 [
    0 => "3.15.20.220"
  ]
  "cdn-loop" => array:1 [
    0 => "cloudflare; loops=1"
  ]
  "sec-fetch-site" => array:1 [
    0 => "none"
  ]
  "accept" => array:1 [
    0 => "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
  ]
  "user-agent" => array:1 [
    0 => "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"
  ]
  "upgrade-insecure-requests" => array:1 [
    0 => "1"
  ]
  "sec-ch-ua-platform" => array:1 [
    0 => ""Windows""
  ]
  "sec-ch-ua-mobile" => array:1 [
    0 => "?0"
  ]
  "sec-ch-ua" => array:1 [
    0 => ""Chromium";v="130", "HeadlessChrome";v="130", "Not?A_Brand";v="99""
  ]
  "cache-control" => array:1 [
    0 => "no-cache"
  ]
  "pragma" => array:1 [
    0 => "no-cache"
  ]
  "sec-fetch-dest" => array:1 [
    0 => "document"
  ]
  "cf-ray" => array:1 [
    0 => "93c2a0509fa4f84d-SJC"
  ]
  "accept-encoding" => array:1 [
    0 => "gzip, br"
  ]
  "priority" => array:1 [
    0 => "u=0, i"
  ]
  "sec-fetch-user" => array:1 [
    0 => "?1"
  ]
  "sec-fetch-mode" => array:1 [
    0 => "navigate"
  ]
  "cf-visitor" => array:1 [
    0 => "{"scheme":"https"}"
  ]
  "connection" => array:1 [
    0 => "close"
  ]
  "x-forwarded-proto" => array:1 [
    0 => "https"
  ]
  "x-forwarded-for" => array:1 [
    0 => "3.15.20.220, 172.71.159.31"
  ]
  "x-server-addr" => array:1 [
    0 => "159.65.79.202"
  ]
  "host" => array:1 [
    0 => "avcstaging.arecontvisioncostar.com"
  ]
]
          request_server
            0 of 0   
          array:55 [
  "USER" => "avcstaging"
  "HOME" => "/home/avcstaging"
  "SCRIPT_NAME" => "/index.php"
  "REQUEST_URI" => "/news/cyber-security-and-ip-cameras-everyone-s-concern"
  "QUERY_STRING" => ""
  "REQUEST_METHOD" => "GET"
  "SERVER_PROTOCOL" => "HTTP/1.0"
  "GATEWAY_INTERFACE" => "CGI/1.1"
  "REDIRECT_URL" => "/news/cyber-security-and-ip-cameras-everyone-s-concern"
  "REMOTE_PORT" => "42274"
  "SCRIPT_FILENAME" => "/home/avcstaging/webapps/app-avcstaging/public/index.php"
  "SERVER_ADMIN" => "you@example.com"
  "CONTEXT_DOCUMENT_ROOT" => "/home/avcstaging/webapps/app-avcstaging/public/"
  "CONTEXT_PREFIX" => ""
  "REQUEST_SCHEME" => "http"
  "DOCUMENT_ROOT" => "/home/avcstaging/webapps/app-avcstaging/public/"
  "REMOTE_ADDR" => "172.71.159.31"
  "SERVER_PORT" => "80"
  "SERVER_ADDR" => "127.0.0.1"
  "SERVER_NAME" => "avcstaging.arecontvisioncostar.com"
  "SERVER_SOFTWARE" => "Apache/2.4.62 (Unix) OpenSSL/1.0.2g"
  "SERVER_SIGNATURE" => ""
  "LD_LIBRARY_PATH" => "/RunCloud/Packages/apache2-rc/lib"
  "PATH" => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
  "HTTP_CF_IPCOUNTRY" => "US"
  "HTTP_CF_CONNECTING_IP" => "3.15.20.220"
  "HTTP_CDN_LOOP" => "cloudflare; loops=1"
  "HTTP_SEC_FETCH_SITE" => "none"
  "HTTP_ACCEPT" => "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
  "HTTP_USER_AGENT" => "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"
  "HTTP_UPGRADE_INSECURE_REQUESTS" => "1"
  "HTTP_SEC_CH_UA_PLATFORM" => ""Windows""
  "HTTP_SEC_CH_UA_MOBILE" => "?0"
  "HTTP_SEC_CH_UA" => ""Chromium";v="130", "HeadlessChrome";v="130", "Not?A_Brand";v="99""
  "HTTP_CACHE_CONTROL" => "no-cache"
  "HTTP_PRAGMA" => "no-cache"
  "HTTP_SEC_FETCH_DEST" => "document"
  "HTTP_CF_RAY" => "93c2a0509fa4f84d-SJC"
  "HTTP_ACCEPT_ENCODING" => "gzip, br"
  "HTTP_PRIORITY" => "u=0, i"
  "HTTP_SEC_FETCH_USER" => "?1"
  "HTTP_SEC_FETCH_MODE" => "navigate"
  "HTTP_CF_VISITOR" => "{"scheme":"https"}"
  "HTTP_CONNECTION" => "close"
  "HTTP_X_FORWARDED_PROTO" => "https"
  "HTTP_X_FORWARDED_FOR" => "3.15.20.220, 172.71.159.31"
  "HTTP_X_SERVER_ADDR" => "159.65.79.202"
  "HTTP_HOST" => "avcstaging.arecontvisioncostar.com"
  "HTTPS" => "on"
  "REDIRECT_STATUS" => "200"
  "REDIRECT_HTTPS" => "on"
  "FCGI_ROLE" => "RESPONDER"
  "PHP_SELF" => "/index.php"
  "REQUEST_TIME_FLOAT" => 1746640924.3222
  "REQUEST_TIME" => 1746640924
]
          request_cookies
          []
          response_headers
            0 of 0   
          array:7 [
  "content-type" => array:1 [
    0 => "text/html; charset=UTF-8"
  ]
  "cache-control" => array:1 [
    0 => "private, must-revalidate"
  ]
  "date" => array:1 [
    0 => "Wed, 07 May 2025 18:02:04 GMT"
  ]
  "pragma" => array:1 [
    0 => "no-cache"
  ]
  "expires" => array:1 [
    0 => -1
  ]
  "set-cookie" => array:2 [
    0 => "XSRF-TOKEN=eyJpdiI6IkF2QU83XC9XVUVBZ013bmRGRDFBK3hRPT0iLCJ2YWx1ZSI6Ik93ZjJnUE8zRGhRVFF3ek1PMWFiYlwvU3N6NGV4dTJib1wvaU5kQTdMNWt2NWlFUUJ6RVNrd0dCXC9QZnl6VmlUdmVCdHpWMllPSWV5VVc3TXl5b080dDhFSk81SzdyNkpcLzlETkR4TnRqRHp2YnNOM2tITzcwQndTc1lsVkVIeEFWSiIsIm1hYyI6IjBkYzE2YzE0NWZjMTUwNDJiMzUyMmVlOWQyZTg5NWQwMjBiYTU4ODY5OTk5NTVjZDY0ODk5ZGRlMTE5NjE5ODkifQ%3D%3D; expires=Wed, 07-May-2025 20:02:04 GMT; Max-Age=7200; path=/XSRF-TOKEN=eyJpdiI6IkF2QU83XC9XVUVBZ013bmRGRDFBK3hRPT0iLCJ2YWx1ZSI6Ik93ZjJnUE8zRGhRVFF3ek1PMWFiYlwvU3N6NGV4dTJib1wvaU5kQTdMNWt2NWlFUUJ6RVNrd0dCXC9QZnl6VmlUdmVCd"
    1 => "avcostar_session=eyJpdiI6ImUwQUJ1V1F5Q21UN2JWWWFNUFBjekE9PSIsInZhbHVlIjoiZnRNOUVYZ09ZU2dwTU9rWUFMcFE3ZmRRQkMzaXo4OVhDUzlYSkxKRVoySzgwV1hNQnJ6U0J6Y3NmdnBuXC9IU2QrNUQ2c0RcL25GTWNpdHJyYjVYWUtwSnBVQnVicnZmcmI3N1VEXC9rYmNxZUx3UHpaTEQ5U3BJTzkxcCtKc1wvbmhKIiwibWFjIjoiMTYxZmQ3NDFiMjE0NjU0YTA2ZTdhN2NlNDY5NWFhMDk2Yjk4MDRmMTg2ZTJmNmY5MGU4ZGVkZjlmOWI5ZmU4NiJ9; expires=Wed, 07-May-2025 20:02:04 GMT; Max-Age=7200; path=/; httponlyavcostar_session=eyJpdiI6ImUwQUJ1V1F5Q21UN2JWWWFNUFBjekE9PSIsInZhbHVlIjoiZnRNOUVYZ09ZU2dwTU9rWUFMcFE3ZmRRQkMzaXo4OVhDUzlYSkxKRVoySzgwV1hNQnJ6U0J6Y3NmdnBuXC9IU2Q"
  ]
  "Set-Cookie" => array:2 [
    0 => "XSRF-TOKEN=eyJpdiI6IkF2QU83XC9XVUVBZ013bmRGRDFBK3hRPT0iLCJ2YWx1ZSI6Ik93ZjJnUE8zRGhRVFF3ek1PMWFiYlwvU3N6NGV4dTJib1wvaU5kQTdMNWt2NWlFUUJ6RVNrd0dCXC9QZnl6VmlUdmVCdHpWMllPSWV5VVc3TXl5b080dDhFSk81SzdyNkpcLzlETkR4TnRqRHp2YnNOM2tITzcwQndTc1lsVkVIeEFWSiIsIm1hYyI6IjBkYzE2YzE0NWZjMTUwNDJiMzUyMmVlOWQyZTg5NWQwMjBiYTU4ODY5OTk5NTVjZDY0ODk5ZGRlMTE5NjE5ODkifQ%3D%3D; expires=Wed, 07-May-2025 20:02:04 GMT; path=/XSRF-TOKEN=eyJpdiI6IkF2QU83XC9XVUVBZ013bmRGRDFBK3hRPT0iLCJ2YWx1ZSI6Ik93ZjJnUE8zRGhRVFF3ek1PMWFiYlwvU3N6NGV4dTJib1wvaU5kQTdMNWt2NWlFUUJ6RVNrd0dCXC9QZnl6VmlUdmVCd"
    1 => "avcostar_session=eyJpdiI6ImUwQUJ1V1F5Q21UN2JWWWFNUFBjekE9PSIsInZhbHVlIjoiZnRNOUVYZ09ZU2dwTU9rWUFMcFE3ZmRRQkMzaXo4OVhDUzlYSkxKRVoySzgwV1hNQnJ6U0J6Y3NmdnBuXC9IU2QrNUQ2c0RcL25GTWNpdHJyYjVYWUtwSnBVQnVicnZmcmI3N1VEXC9rYmNxZUx3UHpaTEQ5U3BJTzkxcCtKc1wvbmhKIiwibWFjIjoiMTYxZmQ3NDFiMjE0NjU0YTA2ZTdhN2NlNDY5NWFhMDk2Yjk4MDRmMTg2ZTJmNmY5MGU4ZGVkZjlmOWI5ZmU4NiJ9; expires=Wed, 07-May-2025 20:02:04 GMT; path=/; httponlyavcostar_session=eyJpdiI6ImUwQUJ1V1F5Q21UN2JWWWFNUFBjekE9PSIsInZhbHVlIjoiZnRNOUVYZ09ZU2dwTU9rWUFMcFE3ZmRRQkMzaXo4OVhDUzlYSkxKRVoySzgwV1hNQnJ6U0J6Y3NmdnBuXC9IU2Q"
  ]
]
          session_attributes
            0 of 0   
          array:4 [
  "_token" => "axP6kcvA64nXbCuvkWX315N89myTmSZq6v5uT2aW"
  "_previous" => array:1 [
    "url" => "https://avcstaging.arecontvisioncostar.com/news/cyber-security-and-ip-cameras-everyone-s-concern"
  ]
  "_flash" => array:2 [
    "old" => []
    "new" => []
  ]
  "PHPDEBUGBAR_STACK_DATA" => []
]