Ever feel like someone is watching you? If your business has security cameras, that’s the point, right? IP security cameras were built for that. Connect the camera to your network, and you can watch the feed from anywhere in the world as long as you have an Internet connection. Such is the age of the Internet of Things (IoT). Everything is connected. You can even view your refrigerator contents with the newer appliances.
Not-So-Secure Security Cameras
VDOO is a company aiming to be the Security Authority for all of those connected devices. They analyze any device they can get their hands on, and look for vulnerabilities. Unfortunately, VDOO found several security flaws in IP security cameras made by major network camera manufacturer, Axis Communications. These flaws can be found in nearly 400 models of Axis IP cameras.
What Can Happen?
When 3 of the flaws are used in conjunction, an attacker can gain full control of the camera. An attacker could perform multiple actions once gaining access to the camera, including the following:
- Watching the camera’s video stream
- Freezing the video stream
- Controlling the camera including motion and motion detection
- Include the camera as part of a botnet
- Make changes to the camera’s software
- Disable the camera entirely
- Use the camera to perform cyber attacks (DDos attacks and more)
- Infiltrate the rest of the network through the camera
Biggest Risk From IP Cameras
While anyone taking over your security camera is less than desirable, the last two items pose the greatest threat. They put any device on the same network at risk. Why does that matter? The attacker can compromise your servers or workstations and start stealing data from within your own network. From credit cards to personal information, attackers have the keys to your kingdom, and it all started with accessing a camera.
Prevent Security Camera Compromise
These vulnerabilities specific to Axis security cameras can be patched by updating the firmware on each camera. If you’re not keeping up with patching hardware like that, this is yet another reason why you need someone to take on those responsibilities. Security patches are always coming down the pipeline for all devices, and someone needs to ensure that those patches are installed. Combined with proper security hardware, you can lower your risk dramatically.
If you don’t currently have an IT professional on staff, or that department could use some assistance, please request a free consultation below. Our IT experts here at Pit Crew IT Services can help keep your hardware and software up-to-date and secure from the latest threats. The need for security isn’t going away, and the penalties for losing someone’s data are only going up. Get help today, and have one less thing to worry about.