Unsecured surveillance cameras could be susceptible to cyberattacks by hackers especially during ongoing Iranian attacks, according to the National Cyber Security Centre (NCSC).
These cameras can be used for gaining access to homes and locations, as well as monitoring events in the area, the NCSC noted in a public advisory issued yesterday.
“Unsecured surveillance cameras may become a source of information leakage,” the centre noted.
“In light of the current tensions, surveillance cameras may be exploited to gain access to homes, locations, or monitor events in the area due to insecure settings.”
In recent years, home and office security cameras have become ubiquitous, with households and businesses able to buy them at most electronics stores in order to secure their premises.
However, off-the-shelf security cameras have significant risks.
According to American cybersecurity firm McAfee, most attacks are not incredibly sophisticated and can be traced to “insecurely designed products, absent patches, and poor installation configurations”.
Security cameras, baby monitors, and ‘smart’ doorbells have serious vulnerabilities that allow hackers to hijack devices and spy on users, according to experts.
“Affected devices use ‘peer-to-peer’ features (also known as ‘P2P’) that allow users to connect to their devices the moment they come online,” US-based security researcher Paul Marrapese added.
“Hackers are able to exploit flaws in these features to rapidly find vulnerable cameras, then launch attacks to access them.”
Mr Marrapese has compiled a map of potentially vulnerable devices, showing that at least 575 devices in Bahrain are particularly susceptible to P2P attacks.
Meanwhile, in light of the Iranian attacks, the UAE Cyber Security Council has warned that poorly secured devices can become gateways for cyberattacks.
According to the council, attackers may exploit vulnerabilities such as default or weak passwords, outdated software, exposed configuration settings and the use of untrusted applications or services.
It also warned users to watch for unusual signs that may indicate a compromised device, including unexplained changes in settings, unfamiliar login activity through linked applications or email accounts, or unexpected slowdowns and interruptions.
The NCSC has also issued a set of guidelines to help people protect themselves:
– Secure your Internet network and cameras with a strong password. Use a password that is difficult to guess to protect your network and cameras from unauthorised access.
– Make sure you have the latest firmware updates for your camera system. Updates help protect cameras from hacking and fix security vulnerabilities that attackers could exploit.
– Avoid connecting the camera’s Digital Video Recorder (DVR) to the Internet when unnecessary. If recordings are stored on the DVR and you do not need to access them remotely, keep the device offline to reduce the risk of unauthorised access.
– Do not allow direct access to cameras via the Internet. Making cameras accessible online may allow others to attempt to view or exploit them.
– Enable Multi-Factor Authentication (MFA). This adds an extra layer of security by requiring an additional verification code when logging in.
naman@gdnmedia.bh
&uuid=(email))