If you have any access to the news at all today, you will probably have already heard about the killer zombie botnet that took down one of the larger web service providers DYN. This botnet (collection of hacked devices) flooded DYN servers with billions of bogus requests, causing delays and even crashes to many of the services that were hosted or provided for some pretty major websites. Security cameras were in part to blame for this major and foreboding attack. The first step towards ensuring your cameras are secure, is hiring the right company to help you design your system properly and select the right components.
Security Cameras, among other devices took down large portions of the internet last weekNow security cameras, in and of themselves are not the cause of the attack by any means, but inadequate knowledge of the technology during installation or application is largely to blame. In order to see how this happens, lets take a look at the security camera technology that is on the market first, how it got the way it is, and why this was inevitable.
Since the propagation of smart phones throughout the world, users have wanted faster and easier access to everything. This included the ability to see what was happening at their home or business while they were on the go. While some companies, like ours had been pioneering this level of access for years before the smart phone arrived, many companies began a mad-scramble to deliver access to their customers.
Many security cameras have built-in Peer to Peer access that allows easy access to hackersIn order to make access easy for their customers, many camera manufacturers have built-in direct access to the camera on any network. This type of access is called P2P (Peer to Peer) access. It does not involve any setup on the network at all, as soon as the camera is connected to the network, it contacts an off-site server to let it know the camera is live, and continues contacting that server at intervals to check for any inbound connections. Users simply download an app that connects to that off site server to look for their camera, usually identified by a serial number and password. This is dangerous, and even a little bit creepy!
Technically, this means that your camera is always using your internet connection to connect to an outside server somewhere in the world that was set up by the camera manufacturers, which now contains all of the information that is needed for any 3rd party to connect into the camera directly. The only weak level of security is the password that is set on the camera. The main problem: most people never even change that password. This means that by installing a security camera with P2P access, you have invited anyone with a grade-school level of hacking skills into your living room, bed room or other location to watch everything you are doing…that is creepy.
Unfortunately, this is not even where the danger ends as shown by recent events. These cameras, when left with internet access, are essentially small, unprotected computers that are sitting open on the internet, actively asking a server to connect into them. The P2P technology was designed for ease of access by the end user, allowing the cameras to bypass any firewall or router that is in place effectively…devices that are there to help protect your network and computers.
Once a hacker is able to connect into the camera, they have demonstrated that they can get into the basal software built into these cameras to reprogram them to do their bidding as a part of a zombie botnet. This was bound to happen just based on the fact that this technology was DESIGNED to bypass security in the first place. Ease of access often trumps security for the general public.
This is why hiring the right company to assist you with your security camera system design, and why we have been helping people set up camera systems the right way, knowing full well that eventually a problem would arise with these fly-by-night companies and bargain basement cameras that are sold in big box stores. We have gotten the question for years “Why are the cameras at (fill in the blank) so cheap? – Couldn’t I just install those?” Yes, you can install those, but there have always been CRITICAL differences in the technology and setup. Now with security breaches and all out attacks on the internet, those problems are becoming very evident. I am almost glad (almost) that these attacks occurred, because it shows exactly what I have been telling people for 10 years to be true.
