The Growing Danger of Ignoring IP Camera Vulnerabilities

Industry sources estimate that there are more than 1 billion internet-connected cameras in use worldwide, with 85 million in the United States and more than 600 million in China. They’re CCTVs used to monitor secure areas, speed cameras on traffic lights, and video doorbells guarding entryways, to name a few use-cases for enterprises and consumers alike.
These cameras are also used in policing, with the Metropolitan Police installing facial recognition cameras in London in March as part of their efforts to track down criminals. Advancements in facial recognition mean that more law enforcement agencies will likely begin to use these particular IP cameras as part of their work. These cameras can also be used to secure sensitive sites such as laboratories and other restricted areas within businesses and government buildings. Notably, because of the computation required for video processing, these cameras often have significant compute, storage, and network access, all of which are attractive to criminals.
Unfortunately, IP cameras present a security risk for the average organization. These devices are not always built with security in mind: they often ship with default passwords that can’t be changed before the device is connected to the internet, with misconfigurations, or with software vulnerabilities in firmware that hasn’t been updated. Once a camera has been accessed, threat actors can attempt to download video and sell it on the Dark Web, use the exfiltrated video for information gathering, and frequently leverage the cameras for botnets or lateral movement.
Security teams need to address the problems inherent in IP cameras, including patching vulnerabilities and password management, to ensure that they are secure.
Why IP Cameras are at Risk
To understand why IP cameras present a security risk, it’s important to know how they work. In general, IP cameras operate on common protocols like the Real-Time Streaming Protocol (RTSP) and Open Network Video Interface Forum (ONVIF), unless they are proprietary systems like Nest cameras.
The ONVIF protocol is used for camera discovery and configuration, whereas RTSP is used for real-time streaming of video. Many manufacturers will use either RTSP or ONVIF for their cameras, with a large number using both protocols. Because RTSP doesn’t have configuration capabilities, teams will often connect to a camera directly by its URI or IP address.
There’s nothing wrong with these open protocols themselves. The issue is that IP camera manufacturers often make it easy to discover the admin password that the cameras have been shipped with. Many companies are starting to force new password creation when the camera is first connected to the internet, but that isn’t a common practice.
IP cameras are also easily discoverable because of their connectivity. It’s easy for threat actors to scan the open internet using tools like Shodan and discover IP cameras. They can then query the camera and use a simple text file of possible passwords to guess the administrator user name and password.
Once the password is found, threat actors can access the video stream and gather information. They can also use the camera as an initial access point and move laterally if the camera is accessible to other parts of the network.
How to Secure IP Cameras Against Attack
IP cameras suffer from similar issues to other connected devices. They’re often not built with security in mind, with manufacturers favoring speed over ensuring that these systems are hardened. The firmware used is often outdated by the time the device gets installed, which makes it vulnerable to compromise.
Patching cameras needs to be a major priority for the security team. Not every device manufacturer releases a firmware patch or makes it easy to install, but the patches that do exist need to be deployed quickly. This shortens the exposure window created by outdated firmware that may also have publicly known vulnerabilities.
Where vulnerabilities can’t be patched, teams should ensure that cameras have limited permissions and are inaccessible to most systems. Access to camera feeds and device settings should be limited to specific human and machine users. Restricting permissions in this way reduces the ability of threat actors to move laterally from any compromised cameras.
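One way to check that these access limits actually hold, shown as an added example that is not from the original article or from any vendor's product: audit network flow records against an allowlist of who may reach the cameras and what the cameras may initiate. The subnet, addresses, CSV layout and the `audit_flows` helper are all constructed assumptions for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Constructed policy (assumptions, not from the article).
CAMERA_NET = ip_network("10.20.0.0/24")                 # dedicated camera VLAN
INTERNAL_NET = ip_network("10.0.0.0/8")                 # everything else on-site
ALLOWED_CLIENTS = {ip_address("10.10.5.10")}            # video recorder allowed to pull streams
ALLOWED_OUTBOUND = {(ip_address("10.10.5.20"), 123)}    # cameras may only reach the NTP server

# Constructed flow records: source, destination, destination port.
SAMPLE_FLOWS = """\
src,dst,dport
10.10.5.10,10.20.0.11,554
10.20.0.11,10.10.5.20,123
10.30.7.44,10.20.0.12,554
10.20.0.12,10.10.8.5,445
10.20.0.13,203.0.113.50,443
198.51.100.7,10.20.0.11,80
10.10.5.10,10.10.5.20,123
"""


def audit_flows(flow_csv):
    """Return (finding, src, dst, dport) for every flow that breaks the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        port = int(row["dport"])
        if src in CAMERA_NET:
            # A camera opening connections beyond its allowlist is the
            # lateral-movement or botnet signal the article warns about.
            if (dst, port) not in ALLOWED_OUTBOUND:
                scope = "internal" if dst in INTERNAL_NET else "external"
                findings.append((f"camera-initiated-{scope}", str(src), str(dst), port))
        elif dst in CAMERA_NET and src not in ALLOWED_CLIENTS:
            # Feeds (RTSP, port 554) and settings reached by an unlisted host.
            findings.append(("unauthorized-client", str(src), str(dst), port))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Each finding points at either a firewall rule that is too permissive or a camera that needs investigation.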
Security teams also need to implement multi-factor authentication (MFA) to access IP cameras. Adding MFA as part of access management for IP cameras limits the possibility that threat actors can access the devices. This is especially true if the access token required is tied to specific apps and specific employees.
How Asimily Supports IP Camera Security
The Asimily platform is designed with connected devices in mind. IP cameras are among the most common IoT devices in use today, making their security especially crucial. The Asimily platform ensures that IP cameras are kept secure with multiple key features, including:
- Unified patching processes with fast updates: The Asimily platform enables a unified patching process across manufacturers, meaning that customers don’t need to master multiple different methods of updating firmware. This includes monitoring relevant manufacturer databases to notify security teams when a patch is available. Asimily also lab tests the patches to ensure that they’re stable and won’t brick cameras during deployment.
- Discovery of eligible IP cameras across the network: Asimily automatically builds inventories to identify cameras that are eligible for patches, ensuring that security teams know which devices can be patched in their network. Asimily also makes it easy to deploy patches, eliminating the need for command line interfaces with a solution that empowers teams to see their status and history all from an intuitive interface for any supported device.
- Bulk patch devices on a schedule: Asimily empowers teams to group devices and schedule patches, saving time and minimizing operational disruptions. These patch deployments can also be automated, enabling new firmware availability to trigger the patching process immediately. Teams can use this ability to stay ahead of attackers and reduce the risk of compromise.
Asimily also monitors IoT devices for anomalous activity, ensuring that security teams are made aware when cameras might be communicating with unauthorized systems. Anomalous behavior can be an early indicator of an attack in progress, and early notification means that security teams have the option to interrupt threat actors in the act.
With Asimily, customers can be confident that they have the intelligence they need to patch cameras and monitor them for issues. This keeps the broader system architecture secure and limits the risk of threats compromising critical systems. To learn more about Asimily, contact us today for a demo.