The next time you walk into a public store, gas station or parking garage, take a look around and count the security cameras. Those cameras are meant to, as their name suggests, make areas more secure through constant monitoring. But, in some cases, it appears that the reverse effect could actually be happening.
Just last week we shared how hackers are now turning their attention to other web-connected devices besides your laptop and personal computer. DVRs, webcams, smart home devices and even printers are the newest targets on their radar. Still, the chances of your home being targeted are very slim. Especially, when there are bigger fish in the sea.
Those fish, of course, are retailers and even public areas such as theme parks. Essentially, anywhere security cameras are used for surveillance of the public.
Although not all security cameras are vulnerable to hacking, products made by a manufacturer called AVTECH were recently found to have flaws that could allow hackers to remotely access the video footage captured by these devices.
AVTECH is a Taiwanese-based company that manufactures video surveillance equipment (not to be confused with AVTECH, a Rhode Island company, which manufactures temperature sensors and alarms). The issue was brought to the company's attention by a group of researchers from Hungary more than a year ago, and again in May of this year. It is only now becoming public because the researchers have yet to get a response from AVTECH.
This is scary. Imagine what could be done with the type of footage these surveillance cameras record, especially if it fell into the wrong hands. By silently watching in the background, hackers could easily monitor the movement of security guards to plan robberies or attacks. They could also collect data such as the license plate number of your car to record how often you visit a particular location. And what about those cameras that monitor ATM machines? Yikes!
So, what are the vulnerabilities researchers discovered? Some of them are downright shocking.
First, practically anyone can receive configurations for these devices. All they need to do is find the IP address and crack the password to log in. Once logged in, data from these devices can be easily downloaded since the device doesn't verify if a file is meant to be public. Additional issues were found with the security certificates used by these devices to connect to a server, which can be intercepted.
Another thing that is so concerning is that, as a member of the general public, there's really nothing you can do to protect yourself from this (except cover your hand whenever you enter your PIN number). It's really up to the businesses that use these surveillance devices to push AVTECH to correct these issues. They can also ensure that the collected footage is stored on a separate network, and doesn't allow access through the internet.
In the meantime, you can take all of the necessary steps to protect your devices at home. Listen to this podcast episode about how hackers are using webcams to watch your every move, and take these simple steps to keep hackers from spying.