CCTV systems get hacked more often than you think.
Scenario:
Business owner walks into work and starts prepping for the day’s sales. He walks past the CCTV monitor and notices it is blank. He checks and sees that the mouse cursor is moving on the screen and so he tries to check the settings. He logs in using his password but gets an error message “Incorrect password”. Confused, he grabs his notepad and confirms the password and tries again but same result. Then he notices something strange in the display name of the cameras, they all say “HACKED”.
Now just put yourself in his position and think if you saw this at the CCTV system at your house. That sinking feeling, that paranoia is warranted and it will rob you of your peace of mind as you wonder what else could they have gotten into? What did they see?
The owner did call and we got him sorted out and these are some of the things we did that I am sharing with you in a hope that you would avoid the same from happening to you.
1. Create a strong password
One of the reasons that the hackers were able to make so many changes was because they had admin/root access, that is, they had all rights and privileges without restrictions. They got that because the owner never changed the default password on the system since being installed (admin, 123456), that was the first thing we changed. We also wanted to disable the admin account and enable a custom user with “Admin” rights but the system wouldn’t allow for that hence using a Strong Password that consists of one or more uppercase letters, lowercase letters, numbers, symbols and spaces(where permitted).
2. Secure Router Access
As an added precaution we checked the router to see what, if any, changes were made. We did not find anything suspicious there but reset the router anyways and rebuilt the firewall rules from scratch and used different ports (no the default ones). This was done so that they could not easily maintain persistent access to the network, but this was all we could do as it was a consumer grade router and they have limited security features (we advised an upgrade).
3. Limit Remote Access
Following along securing the router, we also took the time to limit who and how many users can access the system at any given time. Some CCTV systems give you the option to do so and others do not, so this method is to be used where applicable (DIY vs Professional Systems article soon). On his system we were allowed to give certain users remote access to “view only” and one user was given all access to change settings, etc. This system did not have a point to point which worked out better in this case as we had more control over ports and access and logging information would be less vague as it would show who logged in from where.
These methods once implemented will greatly assist in making your system a hard target but be reminded that nothing is hack proof; all it takes is for someone to find vulnerabilities in the firmware or for someone to make a mistake and leave something on the network open and unsecured.
There are tools like Shodan that show indexed endpoints that have open ports that hackers have been known to exploit, also I have a video on my YouTube channel that shows how this can be done using a network scanner and google.
If you have any more suggestions for securing your CCTV system from hackers leave them in the comment section.
Thanks for your time reading this and hope it helps.