Video Cybersecurity

By: Bryan Harte

New cybersecurity threats can block, change and invalidate video surveillance security systems. In 2022, there were over 1 billion surveillance cameras worldwide and more than 65% of the surveillance cameras marketplace is IP video cameras [1]. The use of IP video surveillance cameras provide unauthorized access to and blocking of digital video signals. Digital videos can be changed blocking the ability to verify their authenticity and low cost tools and services are available to enable hackers and criminals. This article covers some new systems and processes that can be used to protect and verify video surveillance.

The purpose of a video surveillance system includes monitoring, forensics, enforcement, operations or implementation applications. Video surveillance systems are transitioning from closed analog video to IP based digital video using Internet connections. The use of IP digital video surveillance cameras increases security risks from remote locations.

Hackers may modify or create fake content to confuse, distract or create fake activities. Video content changes can range from simple distortions to complete new deepfake creations. 

Video surveillance content is critical for use in public safety detection and law enforcement. This requires the ability to validate the source of the video and that it has not been altered.

Blockchain technology can be added to video surveillance systems to protect video streaming, stored and processed information. Blockchain video surveillance can enable the secure interconnection of video surveillance cameras with systems, databases and services.

Video Surveillance Camera and Device Access

Video surveillance cameras and processing equipment are constantly connected to the security network and many security networks are connected to the Internet. Video systems with dedicated IP connections allow threat agents to continuously attack them until vulnerabilities are discovered.

IP based video security cameras can have low or no security capabilities. Research by Shodan.io and Censys.io tests of well known manufacturers found over 1 million surveillance cameras and over 125,000 surveillance servers were exposed to the Internet. Of these, 90% of the IP devices did not have secure connection portals (do not use HTTPS), approximately 8% had open SSH and Telnet ports and 3% have exposed databases [2].

IP video cameras are usually connected to a single centralized server which may be on-site inside the company or home firewall. The system can be connected to a private network and the Internet. Table 1 shows some of the key video surveillance attack types.

Video Surveillance Attack Types:

OS Scan Scans the security network of hosts to identify potential vulnerabilities.
Fuzzing Looks for vulnerabilities in the surveillance system servers by sending random commands.
Video Injection Injects a recorded video into a video stream.
ARP Man in the Middle (MiTM) Intercepts a communication link and modifies commands and content.
Active Wiretap Intercepts all IP data traffic through an accessible cable or data connection.
SSDP Flood Overloads surveillance server resultign in cameras sending many UPnP messages.
SYN DoS Disables an IP camera’s video stream by overloading its media server.
SSL Renegotiation Blocks a camera’s video stream by sending many SSL renegotiation packets.
Malware Botnet (Mirai) Infects network devices with malware by exploiting default or exposed connections and then scans for potential vulnerabilities.

Table 1 – IP Video Surveillance Attack Types

One of the biggest threats to video surveillance is when unqualified people connect cameras and other devices inside the firewall. This creates venerable attack points in the network where hackers can worm their way through security devices to get to other devices connected to the local network.

Ways to protect video surveillance access and ensure services (security hardening) include reviewing and approving devices with network connections, training people on security threats, using separate IP networks & VPNs, setting up detection systems, updating device software and creating network configuration backups.

You can prohibit or require people to get approval before connecting devices to security systems with IP networks. Provide your staff and family members with training so they understand common threats such as phishing and that they should not plug in devices such as streaming cameras without review and authorization. If possible, use a separate IP network for video surveillance systems. Use VPNs for all security devices and servers in the IP Network. Setup a network intrusion detection system (NIDS) that continually monitors and has automatic discovery of unauthorized connections and activities. After you detect an attack, filter malicious packets and log the malicious activity for analysis which can be used to defend against future attacks. Backup video device router configurations and create system restore points. Update the firmware and software of devices, routers and servers. Disable unused communication services and protocols such as older unused WiFi protocols (802.11b, 802.11g) bluetooth on desktops.

Video Surveillance Content Modification

Video surveillance content can be modified or created to confuse, distract or create fake activities. Video content changes can range from simple distortions to complete new deepfake creations. 

Video surveillance cameras can use video artificial intelligence (Video AI) to do facial recognition, threat identification and enable rapid investigation that can reduce or eliminate crimes and injury. Video AI and audio AI can also be used to deepfake videos that look authentic and can be hard or impossible to detect or invalidate. 

Deepfake creation tools can have a legitimate purpose. Bruce Willis was the first actor to authorize (sell his rights) that allows the creation of a “digital twin” of himself for use in movies and shows. Using deepfake, Bruce Willis appeared in a phone advert without ever being on set, after his face was digitally transplanted onto another performer. [3]

New low cost tools and services enable unskilled people to make deepfake videos using a small amount of sample photos and videos. Tools such as Descript.com allow for the synthesis of audio in a persons own voice from a text transcript. Descript currently requires a user to submit authentication and provide explicit permission allowing the creation of synthesized audio in their voice.

Video Surveillance Authenticity Validation

Video surveillance content may be used in detection and enforcement. This requires the ability to validate the source of the video and that it has not been altered.

Identifying a deepfake may be done by looking for visual differences such as blinking, eye movements, bad lip syncing or exact visual repeats of movements. As deepfake tools improve, it is likely to make it impossible even for video forensic experts or AI detection tools to identify deepfake videos. 

Additional ways that videos can be authenticated is through the adding of hidden watermarks and other metadata associated with the cameras or systems.

Video Surveillance Blockchain 

Blockchain security can be designed to protect video information stored on a specific blockchain and can be applied to a wide range of data storage and processing systems. 

Blockchain is a sequence of data blocks that are linked with time-stamped digital records. A Blockchain system is a mix of technologies and protocols that allow a master database of all transactions (ledger) to be stored, processed, and updated by all members (nodes) where the data can be independently copied and distributed between nodes. All the blocks of data are verified by trusted members using an agreed (consensus) algorithm which can be linked to other blocks in the database (hash cryptography) .

Blockchain can be used by video surveillance systems to uniquely identify, validate and link all blocks of video content so it cannot be altered. The use of blockchains in video surveillance allows companies and people to use multiple cameras from different manufacturers connected through the Internet. 

References

  1. “Global Surveillance Camera Market Report 2022,” PR Newswire, Oct 12, 2022
  2. “The Security of IP-Based Video Surveillance Systems”, Naor Kalbo, Yisroel Mirsky, Asaf Shabtai, Yuval Elovici, National Library of Medicine, 20 Sep, 2020
  3. “Deepfake tech allows Bruce Willis to return to the screen without ever being on set,” The Telegraph, 28 Sep 2022