How to replace the live feed of a surveillance camera just like in movies

As Internet of Things (IoT) technology has grown, so have the cybersecurity risks in the environments where it is deployed. According to network security experts, the risk stems from the low attention that administrators pay to these devices, the lack of a standardized operating system, the use of unencrypted protocols, and the possibility of connections between devices inside or outside a network.

A very clear example of this potential danger is smart buildings. In these kinds of environments, devices with Internet access communicate with each other to share the state of their surroundings, report ambient temperature, handle access control, and even exchange commands to perform basic actions, such as turning the lights on and off. The advancement of this technology has made it increasingly accessible and easy to implement in an organization.

Greater deployment of IoT devices means a greater margin of risk. According to network security experts, most of the time these devices do not have the necessary security features, so new vulnerabilities are often found. In addition, bad user practices, such as the use of default passwords or the absence of encryption in the traffic of these devices, only make matters worse.

One particularly troubling case is surveillance cameras. Most of them rely on very insecure protocols, such as the Real-time Transport Protocol (RTP) and the Real Time Streaming Protocol (RTSP). In addition, those responsible for installing, configuring, and managing these systems have limited or no knowledge of cybersecurity issues. This is particularly worrying because of the convergence between information technology and operational technology, which has made it possible for systems such as surveillance cameras to be exploited by hackers to gain unauthorized access.

Recently published research has delved into the potential risks associated with IoT devices and surveillance systems. Forescout network security experts described how it is possible to compromise surveillance cameras, lighting systems, and other IoT implementations.

Just like in movies, experts replaced the live feed of a surveillance camera with a past recording, which could be used for malicious purposes at critical points, such as airports, hospitals or prisons. The attack was carried out in only four steps:

  • The attack began by launching a Man-in-the-Middle (MiTM) attack on the target network, using ARP poisoning to detect and hijack network traffic
  • Experts intercepted the network traffic carrying the camera images and recorded a portion to be used later
  • The camera was forced to cut off its transmission with its associated Network Video Recorder (NVR)
  • The next time the NVR initiated a new camera session, experts intercepted that request and modified the client's port, redirecting the camera's transmission to a port controlled by the attacker. Since the NVR does not receive any video, it tries to set up a new connection, and the attacker can then send the NVR the recording captured in the second step
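
For defenders, the port change in the last step is observable: the same RTSP SETUP request carries a different client_port depending on where it is captured. The following is an added example, not code from the Forescout research or from this article; it assumes RTSP requests are exported as text from two capture points (one next to the NVR, one next to the camera), and the sample messages, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample captures of one SETUP request (documentation addresses).
NVR_SIDE = [
    "SETUP rtsp://192.0.2.10/stream1/track1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=50000-50001\r\n\r\n",
]
CAMERA_SIDE = [
    "SETUP rtsp://192.0.2.10/stream1/track1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=40000-40001\r\n\r\n",
]

def parse_setup(message):
    """Return (url, cseq, client_port) for an RTSP SETUP request, else None."""
    lines = message.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0] != "SETUP":
        return None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    match = re.search(r"client_port=(\d+(?:-\d+)?)", headers.get("transport", ""))
    if not match or "cseq" not in headers:
        return None
    return parts[1], headers["cseq"], match.group(1)

def find_port_tampering(nvr_side, camera_side):
    """Match SETUP requests by (URL, CSeq) and report client_port mismatches."""
    sent = {}
    for msg in nvr_side:
        parsed = parse_setup(msg)
        if parsed:
            sent[parsed[:2]] = parsed[2]
    alerts = []
    for msg in camera_side:
        parsed = parse_setup(msg)
        if parsed and parsed[:2] in sent and sent[parsed[:2]] != parsed[2]:
            alerts.append({"url": parsed[0], "cseq": parsed[1],
                           "sent": sent[parsed[:2]], "received": parsed[2]})
    return alerts

if __name__ == "__main__":
    for alert in find_port_tampering(NVR_SIDE, CAMERA_SIDE):
        print("client_port changed in transit:", alert)
```

A mismatch means the request was rewritten between the two capture points; a camera IP address that suddenly resolves to a new MAC address in the ARP tables is the matching indicator for the first step.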

According to network security specialists from the International Institute of Cyber Security (IICS), although there are some methods to mitigate the risk of attack, it is not always possible to apply them to IoT devices.

Organizations with a special focus on the implementation of IoT devices need to work on creating up-to-date cybersecurity policies and strategies to mitigate the potential risk of some variant of targeted cyberattack against this technology.