Cybersecurity - Here's how Azena keeps the bad guys out of its IoT video systems
Thieves are targeting smart cameras. In IoT, the cat-and-mouse game between attackers and defenders is in full swing. Learn how Azena is preparing its platform and engineers for it.
Like any other technology that is maturing and rapidly evolving, smart video technology can be vulnerable to attack or misuse. The good news is that no personal data is processed or stored in Azena empowered IoT video systems. So it's more theft of video footage and the hijacking and manipulation of devices that our smart video systems need to be protected against.
Spoiler: At Azena, a dedicated team of security specialists ensures the highest security standards in development and secure integration of hardware and software, so that our clients don’t have to worry about the safety of their smart camera systems. Learn more below.
Typical threats to smart camera systems
The days when CCTV cameras were open to intrusion and abuse are over. Network security has improved significantly in recent years. However, video systems remain popular targets for cybercriminals looking to make money from stolen digital assets or sabotage systems.
Threat #1: Steal video footage
Even though video data created and processed in IoT cameras does not contain personal data that can be easily misused for criminal business, video can be valuable for thieves. By hacking into a video stream, they can, for example, analyze what's going on in buildings, stores, or public places in order to plan burglaries and other crimes. Tens of thousands of stolen videos are sold on the Dark Web - prices range from $3 to $8 per video, depending on how “valuable” the content is.
Threat #2: Manipulate algorithms
Smart algorithms using Machine Learning and AI to analyze video data right in the cameras can be targets of external manipulation. There are mainly two ways to do this: first, malware injected into the system directly manipulates the algorithm's functionality. Second, manipulated video content tricks the algorithm and manipulates machine learning over a longer period of time. In both cases, the functionality of the system is compromised and outsiders gain control.
Threat #3: Hijack control
Hardware misconfiguration, weak setup of real-time streaming protocols, and other flaws in system setup make it easy for attackers to gain control of thousands of cameras in one go, depending on the size of a network. Network connections are also often not prepared to prevent unauthorized access. Thereby it can be stated that vulnerabilities are usually not rooted in the technology itself, but in its handling. That is why it is crucial to continuously raise awareness of IoT security among users, integrators and developers.
Worth reading: Hackers breach thousands of security cameras, exposing Tesla, Jails, Hospitals. A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Read full article at bloomberg.com.
In practice, violations and manipulations often happen unnoticed or detected too late. Therefore, reliable mechanisms for prevention and detection are a must in any security strategy for video surveillance. At Azena, we help our clients and partners achieve this by making our platform and operating system for IoT video cameras as resilient as possible against attacks and misuse.
3 questions to Aleieldin Salem, security specialist at Azena
How do you see the overall threat to IoT video system security today?
IoT cameras are becoming more powerful and smarter, while the cost of hardware and data storage and transfer is dropping. No wonder there are already millions of networked cameras deployed around the world, and the number is growing. Given the sensitivity of the data such devices capture and process (e.g., facial expressions, license plates, and the purchasing habits of individuals), and that securing access to them comes often as an afterthought, such devices depict lucrative targets to a vast array of attackers.
Where is the journey heading, what are the major trends in IoT video security?
A lot of attention is being paid to address the typical shortcomings of IoT video devices, chief among which are the lack of secure communications, inadequate authentication mechanisms, and the utilization of legacy systems and components. Organizations, such as OSSA, for instance, aspire to devise standards that ensure the security and safety of IoT systems, including video security devices. With that in mind, vulnerabilities might still occur due to poor handling and integration of such systems or from ignoring standards altogether.
How does Azena protect its users' video systems against attacks now and in the future?
The overall challenge in IoT security today and in the future, as in all other IT areas, is to stay one step ahead of the hackers or, at least, to respond quickly and effectively to attacks. To achieve this, we at Azena follow different approaches.
First, security is a people business. That is why our security team aspires to create a security culture within the company as a whole and make security an integral part of our DNA. To that end, via onboarding training, regular presentations, and gamification of security threat modeling, we strive to raise awareness of security among non-technical staff as well as among engineers and developers working on security-relevant components of our platform and camera OS. Moreover, we provide practical support in designing our systems and implementing them.
Second, double-checking is key. As security specialists, we are not only internal ambassadors who raise awareness for security, but we also provide concrete support in the implementation of security concepts in product development. A significant chunk of our time is spent reviewing software code in order to improve security and resilience against manipulation. We want to make sure that security is considered in every line of code that is written.
Third, keeping systems up to date. Any PC or smartphone user knows that it is crucial to install security updates and patches to protect their devices from attacks. At Azena, we are constantly applying security patches released by our partners and camera manufacturers to make sure that the software and hardware we offer to our customers implement state-of-the-art security mechanisms.
Fourth, constantly monitoring our systems. The security cycle does not end once our solutions are deployed. With our IDS module installed on our cameras and our cloud-based SIEM system, we constantly monitor the interactions with our OS and cloud solutions in pursuit of any suspicious or malicious activities.
Conclusion: IoT video surveillance is here to stay. With every smart camera installed, the need to protect against cyberattacks grows. With that in mind, our security team at Azena works around that clock to ensure the security and safety of our smart camera systems.
Sign up for our newsletter to stay informed with IoT trends in video analytics and follow us on LinkedIn, Twitter, and Facebook to get notified when we have more interesting stuff to share.