Video over IP offers many benefits but it also introduces privacy and security concerns, with hackers seeing it as a badge of honour to hack into video monitoring systems. Recent articles have highlighted concerns about the potential for a foreign power to cyber attack security cameras in order to gain access to the images captured by the camera, or as a way into an organisation’s network in order to steal confidential information or commit sabotage.
We asked Bob (H.Y.) Hwang PH.D., Managing Director of Hanwha Techwin Europe, if he felt the recent negative publicity was likely to have an effect on users’ confidence in their video monitoring systems.
Q: Mr Hwang, how big an issue is this?
A: There are two distinct issues here that need to be handled in different ways.
Using an intentionally created ‘back door’ to gain access to a camera, recorder or network can be managed through company policy. Hanwha Techwin recognised this in 2012 when we removed a function used for remote customer support that had the potential to be exploited. We upgraded firmware for every model, started third party agency testing and since then this policy has remained in effect.
Hacking uses password or other exploits to gain access to a camera maliciously. Incidents of hacking have both economic and social implications but if the security sector responds quickly we can manage the problem and ensure it doesn’t become a critical issue for users.
Q: How do you stop hackers from using their sophisticated techniques to break into a security camera system?
A: The approach Hanwha Techwin takes is to make security a fundamental camera feature. It’s taken into account at the start of camera design process and not just treated as an optional feature.
Q: What does that mean in reality?
A: It means our cameras incorporate best practice with reasonable measures to prevent unauthorised access to images and data. It is important not to be complacent and so we are constantly monitoring and testing the latest methods of hacking using third party security agencies. When necessary we release new firmware to counter the latest threats.
While we appreciate that security needs to be easy to implement, it is essential that there should be auto-enforced standards in respect of passwords.
Q: What are those password standards?
A: Most of them are very simple, but it is surprising how many manufactures have not built them into their products. They include prohibiting the consecutive use of the same letter or number and enforcing the use of special characters as well as a combination of letters and numbers. It is vital that manufacturers force the setting up of a secure password during the initial installation process.
Q: Apart from password protection, what else can be done to prevent hacking?
A: There are some ‘physical’ solutions available, For example, LINKLOCK™ is a device manufactured by Veracity which provides a barrier to all unauthorised network access. It does so by blocking connections to any cable or equipment that has been tampered with or disconnected. This makes it an ideal protection measure for security critical installations such as banks, where network cabling or video surveillance equipment might be located externally.
Q: How would you summarise the current state of play with regard to the threat posed to the credibility of the security camera systems?
A: There have been some recent high profile examples of hacking which have occurred simply because sensible password protocols were not implemented. Whilst the majority of cameras are not installed for mission critical or high security purposes where military level encryption may be required, users are entitled to secure video surveillance systems. It’s a problem that is not going away unless the entire supply chain, i.e. system designers, installers, distributors and manufacturers collaborate and share information so that we always remain one step ahead of the hackers.
We would urge all manufacturers to follow the lead we are taking on this. In addition to the security functionality built into our cameras, we are ensuring through our training programmes that password protection is on the top of the list of priorities when installers and systems integrators commission cameras and recording devices.