How to Protect Your Security System from Vulnerabilities
Compared to other modern devices, security cameras are old. By this, we mean that they have existed in some form since before the world adopted widespread network access and connectivity. So, unlike digital-native technology and even smartphones, they have been forced to evolve and adapt over time to this newer era full of cyberattacks, exploits, and vulnerabilities.
The best practices of the past have had to be updated and modernized, not just in a technological sense but to keep up with new threats. Today’s best video surveillance cameras are definitely up to the challenge. They are very secure — in the right circumstances. But as with all connected devices, nothing is foolproof. Dangers still lurk, and all end users must take the right precautions and fully understand their security systems in order to stay safe.
How Do I Secure My Surveillance Camera?
Here are some considerations to be aware of when evaluating surveillance solutions.
Secure Data Storage
Data breaches are among the biggest cyber-threats for all companies today, and this makes secure data storage paramount for any enterprise operating a video camera security system. There is a wide range of items that should appear on any protection checklist as you look to purchase and operate cameras you can trust. A top priority for many users is using a security camera that encrypts data at rest and in transit. Other system and network protections — such as restricted access, defined user permissions, strong passwords, and two-factor authentication — are also fundamental to keeping your data protected. The key to it all is providing your IT department with a system that’s secure out of the box. What this means is your IT team won’t need to worry about opening ports and potentially creating vulnerabilities.
Risk from NVR (Network Video Recorder) and DVR (Digital Video Recorder) Systems
The traditional concept of CCTV was right there in the name: closed-circuit television. It was an isolated system “closed” off to the outside world and operated onsite. That alone made it very secure. The main vulnerability came in the form of a physical break-in. But this, for obvious reasons, is no longer the norm in a digital world. Organizations now demand network connectivity and remote access. And the NVR- and DVR-based systems that were very secure when “air-gapped” become highly exploitable once they are hooked up to a network. (This is often due to the introduction of NVR port forwarding or DVR port forwarding.) Providers have worked to minimize these known vulnerabilities. And, with certain best practices and vigilant patching, end users can make them more secure. But studies from Symantec continue to show that DVRs are among the most attacked devices. Many companies using these systems do get by without serious breaches. But there is often an elevated security risk compared to many modern IP and hybrid-cloud systems on the market.
Data Encryption: Data At Rest and Data In Transit
There are two states for data within most video camera security systems: data at rest (static) and data in transit (moving). As a rule, data is generally considered to be less secure when in transit. Some savvy hackers, however, see data at rest on servers or hard drives as more valuable and employ a range of tactics to exploit both types. There is a range of encryption strategies that can be employed in both cases. Encrypted connections, for example, are used to protect data in transit (HTTPS, SSL, FTPS, TLS). For data at rest, companies can also rely on various forms of data encryption, video encryption, and encrypted cloud storage (potentially including variations such as end-to-end encrypted data, PKI encryption, AES encryption, and RSA encryption). The overall goal of strong encryption is to make sure that — no matter whether a malicious actor enters your network or gets their hands on your physical camera — they will find it impossible to extract your data from either the system or onboard storage.
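As an added example (not part of the original article or any vendor's code), the script below audits a router's port-forward list for the NVR/DVR exposure described in the port forwarding section and separates plaintext services from encrypted ones. The rule format, rule names, addresses and the `audit_forwards` helper are constructed for illustration; only the well-known port numbers are real.

```python
import csv
import ipaddress
from io import StringIO

# Well-known service ports, grouped by whether the transport is encrypted.
PLAINTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP", 554: "RTSP", 8080: "HTTP-alt"}
ENCRYPTED = {322: "RTSPS", 443: "HTTPS", 990: "FTPS"}

# Constructed sample export: name,protocol,external_port,internal_ip,internal_port
SAMPLE_RULES = """\
dvr-web,tcp,8080,192.168.50.10,80
dvr-stream,tcp,554,192.168.50.10,554
nvr-portal,tcp,8443,192.168.50.11,443
vendor-sdk,tcp,37000,192.168.50.11,37000
mail,tcp,25,192.168.1.20,25
"""


def audit_forwards(rules_text, recorder_net):
    """Return (name, external_port, service, severity) for every rule that
    forwards inbound traffic to a host inside the recorder/camera network."""
    net = ipaddress.ip_network(recorder_net)
    findings = []
    for row in csv.reader(StringIO(rules_text)):
        if len(row) != 5:
            continue  # blank or malformed line
        name, _proto, ext_port, int_ip, int_port = (f.strip() for f in row)
        try:
            if ipaddress.ip_address(int_ip) not in net:
                continue  # not a recorder or camera
            ext_port, int_port = int(ext_port), int(int_port)
        except ValueError:
            continue  # unparseable address or port
        # Classify by the internal port: that is the service actually exposed.
        if int_port in PLAINTEXT:
            service, severity = PLAINTEXT[int_port], "high"    # exposed and unencrypted
        elif int_port in ENCRYPTED:
            service, severity = ENCRYPTED[int_port], "medium"  # encrypted, still exposed
        else:
            service, severity = "unknown", "review"            # identify the service first
        findings.append((name, ext_port, service, severity))
    return findings


if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE_RULES, "192.168.50.0/24"):
        print(*finding, sep="\t")
```

A rule rated medium is still an open inbound port to the recorder; the "secure out of the box" criterion above is met only when the audit returns nothing for the recorder network.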
Data Security FAQs
Can DVRs be hacked?
Yes. DVRs can be hacked. Using hacking tools (such as one called getDVR_Credentials), attackers can extract plaintext credentials for DVR systems and gain access to video data. Unless the DVR system is entirely air-gapped from the wider network (and most systems include DVR port forwarding), it will present some level of vulnerability.
Can NVRs be hacked?
Yes. Much like DVR-based systems, any NVR video surveillance camera system that is connected to the network will present some level of vulnerability to cyberattacks (especially if it includes NVR port forwarding).
When analyzing the security flaws present in IoT smart building devices (including NVRs and IP cameras), security researchers were able to successfully hack real video feeds and replace them with arbitrary footage. They did this by abusing the insecure real-time streaming protocols (RTSP) or real-time transport protocols (RTP) in IP cameras, which is easy for attackers who are already on the network. All it takes for a hacker to get in is a phishing email that targets the right victim.
What protects data at rest? What does it mean to encrypt data at rest?
Data at rest is any data stored statically within a camera itself or housed on an offsite server, hard drive, or other storage location. This differs from the “data in transit” that is being transmitted through the system or network. Encrypting this data is a common strategy to ensure that, even if a physical device or camera is hacked, the attackers will not be able to access it. Encryption provides an extra layer of security in case the initial protection strategies fail and there is a data breach.
What does data in transit mean? Is it necessary to encrypt data in transit or only under certain circumstances?
Data in transit can be thought of as “data in motion” — any data that is being transmitted through the system or network. This differs from “data at rest” that is stored statically within a camera itself or housed on an offsite server, hard drive, or other storage location. Encrypting data in transit is seen as a modern best practice by most security professionals, and video camera security systems often employ HTTPS/SSL encryption for data in transit.
How can encryption be used to protect data?
Because data breaches and cyber-attacks can be so harmful — to the bottom line, to reputation, and otherwise — encryption is now considered mandatory in many areas of data security. Video cameras are no different. Almost every modern, trustworthy camera manufacturer employs some level of data encryption by default.