Cybersecurity experts from Trend Micro blocked five million attempted hacks of IoT cameras.
IP cameras have become a prime target for hackers. Viewing inside someone’s home or business has clear advantages for someone with malicious intent. This could involve blackmail, or even seeing what items a property holds and whether anyone is around.
Other key reasons provided by Trend Micro for hackers targeting IP cameras include:
Constant connectivity. Like many other devices, IP cameras need to be internet-connected to function properly. However, exposure to the internet also makes it easy for hackers to find the cameras and potentially exploit the devices. Once hacked, the devices will be able to serve the hackers’ needs.
Low hacking investment. Unlike with hacking a PC, once hackers see a way to break the security of an IoT device such as an IP camera, the same approach can usually be applied to other devices of similar models, resulting in a very low per-device hacking cost.
Lack of supervision. Unlike PCs, especially those used in offices, IP cameras have low user interaction and are not well-managed in terms of security. Installation of an aftermarket anti-malware application is not available either.
High performance. The idle computing power of an IP surveillance camera is usually good enough to perform hacking-related tasks such as cryptocurrency mining, and without being noticed by end users at that.
High internet-facing bandwidth. The always-connected, fast, and huge bandwidth designed for video communications makes for a suitable target for hackers to initiate DDoS attacks.
Many cameras – especially cheap imported devices – often don’t prompt users to change default passwords, meaning they can be compromised with very little expertise. Some websites even provide a directory of vulnerable cameras that can be streamed.
Trend Micro teamed up with IP security solution provider VIVOTEK in a bid to secure IoT cameras. Data from 7,000 IP cameras were analysed by Trend Micro to find the scale of the threat against them, and how few protections they have.
“While the industry has known about cyber risks, manufacturers have been unable to properly address the risk without knowing the root cause and attack methods,” comments Dr Steve Ma, VP of Engineering, Brand Business Group at VIVOTEK.
VIVOTEK’s own IP cameras have Trend Micro’s IoT Reputation Service embedded to offer the first surveillance devices with brute force attack protection and hosted IPS.
Oscar Chang, Executive Vice President and Chief Development Officer at Trend Micro, said:
“More verticals are seeking connected, AI-powered video surveillance applications causing a clear paradigm shift from a relatively closed-off network to a more interconnected network operated heavily by cloud-based technologies.
Due to this shift in the landscape, manufacturers and users must pay attention to the security of these IoT devices, and Trend Micro is committed to securing today’s increasingly connected environment.”
Trend Micro’s analysis found 75 percent of blocked attacks were brute force login attempts. The cybersecurity giant says it shows ‘a clear pattern’ that devices are being targeted with common malware, such as Mirai.
A ‘shared responsibility’ model has been suggested by Trend Micro in a bid to tackle video surveillance threats. “Complete end-to-end protection and risk awareness is key to a secured video system – involving manufacturers, service providers, system integrators and end users,” the company says.
Interested in hearing industry leaders discuss subjects like this? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London, and Amsterdam.