Hey team - we hope you’re all safe and sound, staying indoors and healthy. While we’re all staying in quarantine for the meantime, we’ve recently heard of some issues related to IP security cameras.
Recently, some hacks exposed different security cameras and had their contents streamed to an offshore website which compromised the security of many Australians. The security cameras that were compromised are IP, or Internet Protocol security cameras, which can connect to the internet. It is for this exact reason that IP security cameras are great to have at home, but it's also the functionality that hackers have exploited.
We set out and gathered the opinion of experts and asked the important questions related to the use of IP security cameras and why you shouldn’t throw yours out the window just yet.
Our experts:
Sandra Yeow of Nucleo Consulting - with their ongoing Cyber Awareness courses that can help you protect yourself on the internet. (
Lara Vandersluis of Quorum (part of the Cloud Collective), a leading Microsoft Gold IT consultancy firm specializing in Cyber Security,
Arni Hardarson, Head of Assurance from Pure Security, specialists in cybersecurity.
Adam Selwood, CTO of Cynch Security (https://cynch.com.au/)
We asked four questions with these experts in their field, asking for details and things that you can do immediately if you do own an IP security camera at home, or if you’re looking to get one for your home soon.
Without further ado, let’s get started.
Question 1: What’s the first thing you should do when you get a security camera with internet connectivity options?
Adam Selwood: “There are millions of Internet-connected devices online right now that are being used by hackers without their owner's knowledge.
Your best chance of preventing this from happening to something you own is to change the factory default password to something strong and long that only you know. Often this is something you'll need to log into the administrator interface to complete.
While you're in there you should also look into how to update the software or firmware, automatically if supported, to prevent future vulnerabilities causing problems down the road.”
Arni Hardarson: “As with any software or a system you connect to your network you need to ensure that all default factory settings such as passwords are changed and enforce a strong authentication (i.e using multi-factor authentication), ensure that all latest updates/patches are installed, and ensure that the access to the device is restricted to a trusted IP address.”
Lara Vandersluis: “Whenever any IoT based device is connected to the network, the first thing that should be done is to set a very strong password on the device and remove the default password immediately. This password should be nonsensical and contain mixed case, numbers, and special characters that are not easily guessed or easily hacked with password crackers. For example Iw2tM&S$100!, an easy way to remember this is to use a saying to recall each character, such as “I went 2 the Movies & Spent $100!”.
A strong password goes a long way.
The other things to do are to disable and or rename any default administrator accounts utilized by the system software. For example, renaming the default “admin” account to be something else. Also, some products may provide options to have additional levels of authentication enabled i.e. Multi-Factor Authentication or MFA. These should be enabled wherever available to ensure that user identity can be checked not only through the password and username but by another means i.e. text messages to an approved mobile. If the system also allows for traffic between the endpoint device and the host system to be encrypted then this should always be enabled as well. Most security systems encrypt all traffic by default but it is worth checking all default settings to ensure that the maximum security available is enabled.”“
Sandra Yeow: “It is extremely important to change the default password and IP address of the camera. Your password should be a complex alphanumeric that is ideally more than 12 characters. Do not lose this password or leave it lying around. Instead, you can use a password manager to remember complicated passwords.”
As the experts have mentioned in their answers above - make sure that you change the default authentication as soon as you get your security camera. They’re not always set & forget; any kind of machine has an inherent risk especially those that can connect to the internet.
Question 2: What are the things you should avoid when using security cameras that can connect to the internet?
Adam: Where practical, avoid exposing your camera directly to the internet. If your camera can be accessed by anyone with an Internet connection, it will be. Everything connected to the Internet is continuously scanned for security vulnerabilities by good and bad guys alike, so wherever possible limit what you're exposing in that way.
If you need to connect your camera to the Internet, avoid connecting it to the same network everything else you rely on is connected to. If your camera does get compromised, isolating it away from everything else can limit the impact it will have. If the camera connects via wifi, connecting it via a guest network instead of your normal internal network can be a good starting point.
Don’t leave things open for just anyone to connect to either. Review access permissions and avoid using features like sharing location data, as this could be used to see whether you are home or not.
Lastly, avoid treating your camera as a 'set and forget' device. Check periodically for any security updates that may need to be installed and make sure nothing odd is happening with it.
Arni: “Use factory defaults, the vast majority of breaches that occur are due to a default username/password. Additionally, you should avoid exposing it to the internet, ensure that it is only accessible from a trusted network”.
Lara: “IP Security Cameras are as safe as the configuration used to set them up. Many IP security cameras can be very safe if they are set up correctly with the right security settings to ensure that external parties are unable to gain access. This involves setting up the passwords, accounts, and connections to enforce as many levels of security (account, password, MFA, email; security, network encryption) as possible.”
Sandra: “User access control is necessary. Only allow people whom you authorise to access the app and make sure those are also tied to a strong complex password. It is important to make sure that the mobile devices used to access the app are factory reset with all data deleted before disposal or sale.”
"IP Security Cameras are as safe as the configuration used to set them up. Many IP security cameras can be very safe if they are set up correctly with the right security settings"
Question 3: Are IP security cameras unsafe to use in general?
Adam: ”Every technology carries with it an element of cyber risk. IP security cameras carry a number of risks not present in their less connected alternatives. The trade-off for that risk is the utility the technology comes with, something each of us needs to weigh up for our own circumstances.
The ACSC has recently published some guidelines worth reviewing against any Internet of Things devices you might be considering that can make IP security cameras a bit safer:
https://www.homeaffairs.gov.au/reports-and-pubs/files/code-of-practice.pdf
Most IP security cameras also come with software or mobile apps to connect with them. These apps also carry risks and can have security vulnerabilities in them so don't forget to keep them up to date as well.
Even non-IP based security cameras can be unsafe if placed in the wrong way or not monitored carefully. Everything you do to keep these types of devices safe should not be forgotten.”
Arni: “No, but as with any system/software you integrate you need to ensure that you follow best practices. It is also a good practice to do due diligence on the vendor to see if they have any vulnerability disclosure program in place for their product, this typically means that the vendor maturity level is quite high when it comes to security.”
.jpg)
Want to access your security camera away from home? Make sure that you're using a secure network.
Lara: “IP Security Cameras are as safe as the configuration used to set them up. Many IP security cameras can be very safe if they are setup correctly with the right security settings to ensure that external parties are unable to gain access. This involves setting up the passwords, accounts, and connections to enforce as many levels of security (account, password, MFA, email; security, network encryption) as possible.”
Sandra: “Anything that connects to the Internet isn’t safe, but we can’t avoid the tech world and live like a caveman. Instead of avoiding it, it is better to learn how to embrace it and even pick up a cyber awareness course like this to equip your knowledge better. ”
"Every technology carries with it an element of cyber risk. The trade-off for that risk is the utility the technology comes with, something each of us needs to weigh up for our own circumstances."
Question 4: Are there software that can help make IP security cameras more secure?
Adam: “Most of the solutions that will help secure your IP security cameras are going to be in the network they're connected to. Devices such as a firewall can help you control what your camera can talk to, and maybe available in your network already if you have a look.
You can also check to see what's exposed to the Internet from your network using services like Shodan and Censys. If anything shows up here you're not familiar with, look into ways of making them less easily discovered.
There are similar tools you can run inside your network that will check for vulnerabilities in anything connected. These tools can be tricky to interpret so reach out to a security professional if you have questions.”
Arni: ”I’d recommend using the utility that the vendor provides as that is usually the one you can trust. Once you are on a network as an attacker you often target those devices as they tend to be installed and left sitting their running with the factory defaults, so once you breach those devices they can act as any other device on the network with one additional feature (the camera).
So you can turn those devices into your own surveillance capability and potentially phish out sensitive data depending on where the camera is positioned, additionally, IP Cameras tend to not have the same monitoring as other devices on the network and that can allow the attacker to stay hidden for longer.”
Lara: “More so than any third-party software, strong network security and firewall policy will make access to the network that the camera operates on very difficult. In many instances, it is a weak network (unprotected WiFi network) and Identity (poor password or using default settings) that allows access to the camera system in rode rfr it to be compromised.”
Sandra: “I won’t say there is a particular software that can secure an IP camera, but the environment itself can be secured. The home router and every single device in the network have to follow the basic rule of having a complex password. It is also important to turn on the firewall on the router or even better, have a physical firewall. This is usually more common for corporate usage. The firewall will block intruders and can monitor the traffic as well.”
In closing
We hope you’ve learned a lot about IP security cameras from our cybersecurity experts. At the end of the day, what truly matters is how you use technology, as anything that can connect to the internet CAN be compromised and carries an inherent risk of breaching and tampering IF you don’t take the necessary precautions to protect it.
We guarantee that the steps above are in line with the ways we use to protect our IP security cameras from prying eyes and overly curious minds.
Our thanks again to our contributors, Adam Selwood, Arni Hardarson, Lara Vanderluis & Sandra Yeow. Be sure to visit their businesses via the links at the top of this article for your cybersecurity needs!
If you’re looking for security cameras, remember to shop smartly and from the comfort and safety of your home today with Elinz.
