Now You Too Can Break Into Security Cameras... Just Like In The Movies

What do the following movies have in common?

• Speed
• Entrapment
• Ocean’s 11

Well I think they were pretty enjoyable movies, and classic 90’s Sandra Bullock and Catherine Zeta Jones were certainly easy on the eye. The key scene in common that I had in mind though is this: Security camera’s being compromised - e.g. the ‘bad guys’ breaking into a camera and then having footage play on a “loop” so that they have their way.

Is this really possible though? How hard is it to compromise a security camera? Well, surprisingly and disconcertingly it turns out that cameras from a number of vendors are trivial to break into.

It seems the vendors of these cameras haven’t fully thought through the implications of their products being connected to the internet 24x7 and have therefore not placed much emphasis on the software security during their Quality Control processes. The more cynical view of course (and perhaps more accurate) is that in an effort to make a quick buck they don’t really care. Admittedly, if an attacker is determined and well funded enough they will find a way to break into any system online. However, what is revealed in a recent security research whitepaper shows that these are trivial vulnerabilities to exploit such as:

• Blindly Evaluating arbitrary code
• Broken Access Controls

If they required more cutting edge exploits then fine. But these?? Come on. These are not challenging for a script kiddie to pull off. I think we all expect a lot better security around a product that has the word ‘security’ or ‘surveillance’ in its name.

If you’d like the link to the security paper please just contact me by posting a comment.