Avatar photo

Contributor

Author Bio ▼

Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
September 21, 2016

Download

State of Physical Access Trend Report 2024

CCTV hacking threat: Hanwha Techwin reassures customers and calls for collaboration across the supply chain

The CCTV hacking threat was brought into sharp focus last week by a Times investigation into overseas involvement in UK critical infrastructure and the video surveillance industry.

Responding to the story the BSIA CCTV section has urged CCTV operators to do more to safeguard their systems against cyber attack, including changing the manufacturer’s default credentials.

IFSEC Global reported in March on a study that found major security vulnerabilities in modern CCTV systems.

We asked an influential figure at one of the biggest network camera manufacturers in the market if he could reassure customers that they were taking action to remove potential security ‘back doors’ from their products. Tim Biddulph, head of product management for Hanwha Techwin Europe, also reflects on what the industry as a whole must do to “remain one step ahead of the hackers”.

hanwha techwin wisenet HD

Hanwha Techwin’s WiseNet HD range

Hanwha Techwin makes security a fundamental camera feature. It’s taken into account at the start of camera design process and not just treated as an optional feature

Tim Biddulph, head of product management, Hanwha Techwin Europe

Tim Biddulph, head of product management, Hanwha Techwin Europe

IFSEC Global: Hello, Tim. How big an issue is the CCTV hacking threat?

Tim Biddulph: There are two distinct issues here that need to be handled in different ways.

Using an intentionally created ‘back door’ to gain access to a camera, recorder or network can be managed through company policy. Hanwha Techwin recognised this in 2012 when we removed a function used for remote customer support that had the potential to be exploited.

We upgraded firmware for every model, started third-party agency testing and since then this policy has remained in effect.

Hacking uses password or other exploits to gain access to a camera maliciously. Incidents of hacking have both economic and social implications, but if the security sector responds quickly we can manage the problem and ensure it doesn’t become a critical issue for users.

Most password standards are very simple, but it’ss surprising how many manufacturers have not built them into their products

IG: How do you stop hackers from breaking into a security camera system using sophisticated techniques?

TB: The approach Hanwha Techwin takes is to make security a fundamental camera feature. It’s taken into account at the start of camera design process and not just treated as an optional feature.

IG: What does that mean in reality?

TB: It means our cameras incorporate best practice with reasonable measures to prevent unauthorised access to images and data. It is important not to be complacent and so we are constantly monitoring and testing the latest methods of hacking using third-party security agencies.

When necessary we release new firmware to counter the latest threats.

Whilst we appreciate that security needs to be easy to implement, it is essential that there should be auto-enforced standards in respect of passwords.

IG: What are those password standards?

TB: Most of them are very simple, but it is surprising how many manufacturers have not built them into their products. They include prohibiting the consecutive use of the same letter or number and enforcing the use of special characters as well as a combination of letters and numbers.

It is vital that manufacturers force the setting up of a secure password during the initial installation process. 

IG: Apart from password protection, what else can be done to prevent hacking?

TB: There are some ‘physical’ solutions available. For example, LINKLOCK is a device manufactured by Veracity which provides a barrier to all unauthorised network access.

It does so by blocking connections to any cable or equipment that has been tampered with or disconnected. This makes it an ideal protection measure for security critical installations such as banks, where network cabling or video surveillance equipment might be located externally.

 IG: How would you summarise the current state of play with regard to the threat posed to the credibility of the security camera systems?

TB: There have been some recent high profile examples of hacking which have occurred simply because sensible password protocols were not implemented. Whilst the majority of cameras are not installed for mission critical or high security purposes where military level encryption may be required, users are entitled to secure video surveillance systems.

It’s a problem that is not going away unless the entire supply chain – ie system designers, installers, distributors and manufacturers – collaborate and share information so that we always remain one step ahead of the hackers.

We would urge all manufacturers to follow the lead we are taking on this. In addition to the security functionality built into our cameras, we are ensuring through our training programmes that password protection is at the top of the list of priorities when installers and systems integrators commission cameras and recording devices.

 

Free Download: The Video Surveillance Report 2023

Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!

Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.

VideoSurveillanceReport-FrontCover-23

Related Topics

Subscribe
Notify of
guest
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Apple customer support
Apple customer support
June 30, 2017 12:54 pm

CCTV hacking is a new source of earning income by Hackers.Thanks for letting us know about it in a comprehensive way.