Adam Bannister

Editor, IFSEC Global

Author Bio ▼

Adam Bannister is editor of IFSEC Global. A former managing editor at Dynamis Online Media Group, he has been at the helm of the UK's leading fire and security publication since 2014.
September 21, 2016

Sign up to free email newsletters

Download

Mobile access series #1: What you need to know

CCTV hacking threat: Hanwha Techwin reassures customers and calls for collaboration across the supply chain

The CCTV hacking threat was brought into sharp focus last week by a Times investigation into overseas involvement in UK critical infrastructure and the video surveillance industry.

Responding to the story the BSIA CCTV section has urged CCTV operators to do more to safeguard their systems against cyber attack, including changing the manufacturer’s default credentials.

IFSEC Global reported in March on a study that found major security vulnerabilities in modern CCTV systems.

We asked an influential figure at one of the biggest network camera manufacturers in the market if he could reassure customers that they were taking action to remove potential security ‘back doors’ from their products. Tim Biddulph, head of product management for Hanwha Techwin Europe, also reflects on what the industry as a whole must do to “remain one step ahead of the hackers”.

hanwha techwin wisenet HD

Hanwha Techwin’s WiseNet HD range

Hanwha Techwin makes security a fundamental camera feature. It’s taken into account at the start of camera design process and not just treated as an optional feature

Tim Biddulph, head of product management, Hanwha Techwin Europe

Tim Biddulph, head of product management, Hanwha Techwin Europe

IFSEC Global: Hello, Tim. How big an issue is the CCTV hacking threat?

Tim Biddulph: There are two distinct issues here that need to be handled in different ways.

Using an intentionally created ‘back door’ to gain access to a camera, recorder or network can be managed through company policy. Hanwha Techwin recognised this in 2012 when we removed a function used for remote customer support that had the potential to be exploited.

We upgraded firmware for every model, started third-party agency testing and since then this policy has remained in effect.

Hacking uses password or other exploits to gain access to a camera maliciously. Incidents of hacking have both economic and social implications, but if the security sector responds quickly we can manage the problem and ensure it doesn’t become a critical issue for users.

Most password standards are very simple, but it’ss surprising how many manufacturers have not built them into their products

IG: How do you stop hackers from breaking into a security camera system using sophisticated techniques?

TB: The approach Hanwha Techwin takes is to make security a fundamental camera feature. It’s taken into account at the start of camera design process and not just treated as an optional feature.

IG: What does that mean in reality?

TB: It means our cameras incorporate best practice with reasonable measures to prevent unauthorised access to images and data. It is important not to be complacent and so we are constantly monitoring and testing the latest methods of hacking using third-party security agencies.

When necessary we release new firmware to counter the latest threats.

Whilst we appreciate that security needs to be easy to implement, it is essential that there should be auto-enforced standards in respect of passwords.

IG: What are those password standards?

TB: Most of them are very simple, but it is surprising how many manufacturers have not built them into their products. They include prohibiting the consecutive use of the same letter or number and enforcing the use of special characters as well as a combination of letters and numbers.

It is vital that manufacturers force the setting up of a secure password during the initial installation process. 

IG: Apart from password protection, what else can be done to prevent hacking?

TB: There are some ‘physical’ solutions available. For example, LINKLOCK is a device manufactured by Veracity which provides a barrier to all unauthorised network access.

It does so by blocking connections to any cable or equipment that has been tampered with or disconnected. This makes it an ideal protection measure for security critical installations such as banks, where network cabling or video surveillance equipment might be located externally.

 IG: How would you summarise the current state of play with regard to the threat posed to the credibility of the security camera systems?

TB: There have been some recent high profile examples of hacking which have occurred simply because sensible password protocols were not implemented. Whilst the majority of cameras are not installed for mission critical or high security purposes where military level encryption may be required, users are entitled to secure video surveillance systems.

It’s a problem that is not going away unless the entire supply chain – ie system designers, installers, distributors and manufacturers – collaborate and share information so that we always remain one step ahead of the hackers.

We would urge all manufacturers to follow the lead we are taking on this. In addition to the security functionality built into our cameras, we are ensuring through our training programmes that password protection is at the top of the list of priorities when installers and systems integrators commission cameras and recording devices.

 

Free Download: Cybersecurity and physical security systems: how to implement best practices

If you are involved in the operation or maintenance of physical security systems, this resource from Vanderbilt will help you choose the right equipment for staying diligent. It provides a five step process for strengthening the resilience of those systems against cyber-attack, as well as explaining what cyber-attacks mean in an interconnected world.

Discover the five step process now by clicking here.

Related Topics

2
Leave a Reply

avatar
2 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Apple customer supportsfsdfsd Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
sfsdfsd
Guest
sfsdfsd
Apple customer support
Guest
Apple customer support

CCTV hacking is a new source of earning income by Hackers.Thanks for letting us know about it in a comprehensive way.

Sign up to free email newsletters