Tuesday, December 10, 2024

Hackers Target CCTV Camera Security Flaws: Protect Your Footage

Share

- Advertisement -

Recent reports reveal cybercriminals are exploiting security flaws in CCTV cameras, allowing unauthorized access to live footage and device controls.

These attacks have exposed two major zero-day vulnerabilities in network-enabled pan-tilt-zoom (PTZ) cameras from various manufacturers, according to cybersecurity firm GreyNoise.

The vulnerabilities are tracked as CVE-2024-8956, a critical flaw rated 9.1, and CVE-2024-8957, a high-risk issue rated 7.2. Both flaws enable hackers to control video feeds, disable certain camera functions, and even hijack cameras to create botnets.

With PTZ cameras used in environments from industrial facilities to courtrooms and hospitals, the security risks are significant. Let’s look at how these vulnerabilities work and what can be done to secure your devices.

Affected Camera Models and Firmware

The affected devices are primarily high-cost PTZ cameras that operate using VHD PTZ firmware versions below 6.3.40.

This firmware is commonly used in models from PTZOptics, Multicam Systems SAS, and SMTAV Corporation, all of which rely on the Hisilicon Hi3516A V600 SoC.

- Advertisement -

These models are often used in high-definition video streaming and telehealth applications, making them essential in many professional and public settings.

While some affected devices have received security patches, others remain exposed. PTZOptics, for example, released a patch for several models on September 17, 2024, but older models like the PT20X-NDI-G2 and PT12X-NDI-G2 have reached their end of life and will not receive security updates.

Newer models, such as the PT20X-SE-NDI-G3 and PT30X-SE-NDI-G3, are still awaiting fixes.

It is highly advised that users consult with their camera manufacturer to verify if updates are available for their model.

The Extent of the Vulnerabilities

These security flaws allow attackers full control over the devices, which extends beyond merely watching video feeds. Hackers can manipulate the camera’s functions, disable specific operations, or incorporate the devices into larger botnets.

This could lead to widespread security issues, especially for businesses and public institutions relying on PTZ cameras for real-time monitoring and high-definition streaming.

- Advertisement -

For example, in industrial plants where PTZ cameras monitor machinery, unauthorized access could allow attackers to observe processes, potentially compromising sensitive data or even sabotaging equipment.

In healthcare, where cameras assist with telemedicine and surgical broadcasts, such breaches could expose patient privacy and disrupt medical procedures.

Institutions such as courts and government facilities are particularly vulnerable, as they often use these devices to live-stream proceedings.

Why Patches Are Delayed

Patching these devices has proven to be challenging. Some affected camera models are older and no longer supported by manufacturers.

This “end-of-life” status means these devices will not receive security updates, leaving them vulnerable to exploitation.

For users still operating end-of-life models, it may be necessary to upgrade to a supported device to ensure data protection and operational security.

- Advertisement -

Current models awaiting patches are another concern. With hackers actively targeting these flaws, timely updates are critical to preventing unauthorized access.

GreyNoise suggests that more devices could be affected than initially identified, so users should stay vigilant and consider security measures such as firewall configuration or segmentation for networked cameras.

Steps to Protect Your Surveillance System

Given the active exploitation of these vulnerabilities, users should prioritize security checks and updates. Below are some key steps to enhance your camera security:

  • Update Firmware Regularly: Ensure your camera firmware is up-to-date. Check with your manufacturer to see if a patch has been released for CVE-2024-8956 and CVE-2024-8957.
  • Limit Remote Access: Reduce the exposure of these devices by disabling unnecessary network services or restricting remote access via VPNs or other secure methods.
  • Use Network Segmentation: Place your surveillance cameras on a separate network segment to prevent hackers from gaining broader access to other systems.
  • Monitor for Suspicious Activity: Use monitoring tools to detect unusual activity in your network that might indicate unauthorized access to the cameras.
- Advertisement -
Emily Parker
Emily Parker
Emily Parker is a seasoned tech consultant with a proven track record of delivering innovative solutions to clients across various industries. With a deep understanding of emerging technologies and their practical applications, Emily excels in guiding businesses through digital transformation initiatives. Her expertise lies in leveraging data analytics, cloud computing, and cybersecurity to optimize processes, drive efficiency, and enhance overall business performance. Known for her strategic vision and collaborative approach, Emily works closely with stakeholders to identify opportunities and implement tailored solutions that meet the unique needs of each organization. As a trusted advisor, she is committed to staying ahead of industry trends and empowering clients to embrace technological advancements for sustainable growth.

Read More

Trending Now