There have been a lot of frightening things in the world of IT and telecom during the past few years. Something that stick outs even in this threatening landscape happened a few years ago when particularly creepy malcontents hacked into video baby monitors.
That particular sign of the apocalypse comes to mind when reading about the hacking of thousands of closed circuit cameras. More than 25,000 hacked CCTV cameras and digital video recorders were enlisted to launch distributed denial-of- service (DDoS) attacks, according to Network World.
Security firm Sucuri observed one of the attacks, which was waged against a small, and no doubt unsuspecting, brick-and-mortar jewelry store. The beleaguered shop was flooded with 50,000 HTTP requests at the application layer. It is almost certain that a small shop’s IT infrastructure wasn’t up to the challenge.
It is not an isolated problem. And, as usual, people’s inertia is a big part of the problem. In April, Quartz reported about 6,000 unsecured video streams. The streams are unsecured because people don’t set a password or use the default out of the box.
The city with the most unsecured feeds was San Jose, with 162. The rest of the top five were Los Angeles (159), New York City (126), Boston (123) and, for some reason, Torrance, California (107). Overall, about one-quarter of the unsecured cameras were in businesses.
Not all the problems are the fault of lazy users. In March, SecurityWeek ran a piece describing, in great technical detail, a flaw in a surveillance camera. This particular problem was especially dangerous because it involved the white labeling market. In this sector, many identical or very similar devices from a single manufacturer carry the names of many companies.
In this case, the flaw, which targets the DVR element of the system, was manufactured for more than 70 vendors by TVT, a Chinese company. The remote code execution (RCE) vulnerability was included in firmware from an Israeli company that apparently was used by TVT.
The use of surveillance technology has been growing for years. The idea that a good percentage of it is inherently unsecure is unsettling. Combine that with people’s well-known lazy tendencies and technical ignorance and the situation becomes truly frightening.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via twitter at @DailyMusicBrk.