Digital infrastructure security is even more important in the age of high technology and dependency on it. Panorama, the BBC news program, reported a worrying security vulnerability recently uncovered by a BBC investigation into surveillance cameras.
A new study released by the International Association of Computer and Communications Engineers (IACCE) has found that a considerable number of Chinese-made surveillance cameras, particularly those made by Hikvision and Dahua, are susceptible to hacking, presenting a significant threat to individuals, businesses, and even governments.
As a man sits at his laptop and enters his password inside the BBC's Broadcasting House in London. He sits in a darkened studio inside the vast building. The hacker who monitors his every move around the world is thousands of miles away.
Taking up his mobile phone, the BBC employee enters the passcode on his mobile phone, which is simple. That information is now in the hands of the hacker. In the ceiling of the building, there is a surveillance camera manufactured by the Chinese company Hikvision that is vulnerable to attacks due to a security flaw.
Several popular smart cameras are vulnerable to hackers due to a number of security vulnerabilities that exist in them. Depending on how they exploit the device, these hackers may be able to perform surveillance on other networks connected to the device and compromise other parts of the network.
One of the most popular brands of surveillance cameras around the world is Hikvision, and Dahua is one of the best. As far as the number of their units adorning the streets of the UK is concerned, nobody knows.
A critical flaw has been discovered in Hikvision's CCTV cameras, which has been found to be critical by security experts. This vulnerability is a security issue that allows hackers to remotely control the cameras so they can see the live feed of the camera feed as well as potentially compromise the entire network if they are able to exploit the flaw.
Panorama recently conducted an experiment in which a hacker infiltrated the BBC network. He observed a BBC employee enter their password on their laptop in a chilling experiment. A serious incident such as this has highlighted the gravity of the situation and the potential for sensitive information to be accessed unnecessarily by unauthorized people.
Big Brother Watch, a privacy campaigning group founded by Big Brother himself, tried to find out if this was true last year. A total of 4,510 Freedom of Information requests were filed on behalf of the Human Rights Commission with public authorities across the UK between August 2021 and January 2022. Of those who responded, 806 confirmed they have installed Hikvision or Dahua cameras - 227 councils and 15 police forces are using Hikvision cameras, and 35 councils are using Dahua cameras.
Many government buildings are being monitored by Hikvision cameras too - Panorama found a Hikvision camera outside the Department for International Trade, the Department for Health, the Health Security Agency, and the Department for Agriculture to name just a few.
As a result of the prevalence of Hikvision and Dahua cameras in various settings, including office buildings, high streets, and government buildings, there is a need for regulation regarding the use of these cameras. Despite the fact that there are thousands of these cameras in the UK, it is unclear how many are in operation. Big Brother Watch, a privacy campaign group, submitted a Freedom of Information request on behalf of 806 public bodies and disclosed that 66 of them confirmed that they use cameras provided by manufacturers such as Hikvision or Dahua.
In total, 227 local councils, 15 police forces, and a number of government departments have adopted such programs, including the Department for International Trade and the Department of Health, for example.
The fact that this vulnerability is so widely deployed shows how urgent it is to address it. Many government buildings in central London are also regularly monitored by high-definition cameras - Panorama found such cameras outside the Department for International Trade, Defra, and an Army reserve center in the middle of an afternoon in central London.
There is a growing concern among security experts that the cameras could be used as Trojan horses to attack computer networks in a way that could be devastating to them. There is the possibility of civil unrest being sparked as a result of this.
Privacy concerns are just one aspect of compromised surveillance cameras. Fraser Sampson, the UK's surveillance cameras commissioner, comes to the conclusion that the power supply, transportation network, and access to vital resources all pose threats to critical infrastructure, including the supply of power. In order to make sure that these systems operate as smoothly as possible, remote surveillance plays an important role. This makes them an ideal target for malicious actors. In order to disrupt these essential services and potentially compromise public safety, hackers may be able to gain access to surveillance cameras by gaining unauthorized access and compromising these cameras.
In an experiment to determine if it is possible to hack a Hikvision camera, Panorama collaborated with IPVM, an American firm that is one of the world's most respected authorities on surveillance technology. A BBC studio has one installed by IPVM, which was supplied by the company.
In order to ensure the security of Panorama's cameras, it was not possible for the camera to be run on a BBC network. Therefore, it was moved to a test network that didn't have a firewall and was barely protected in any way. During the spring of 2017, Panorama tested a vulnerability discovered in the software. Using Conor Healy's words, IPVM's director has described this as a "backdoor that Hikvision has built into its products to get at the customers."
Hikvision has released a statement claiming it was not deliberate in coding this bug on the devices. As the company points out, almost immediately after learning of the issue, it released a firmware update to resolve the problem. However, according to Conor Healy, this issue is still present online in roughly 100,000 cameras all over the world.
Having collaborated with IPVM, a leading authority on surveillance technology, Panorama conducted security assessments of Hikvision and Dahua cameras to determine the security weaknesses they might present. As a result of this partnership, hacking experiments were conducted to test whether the cameras were susceptible to being hacked. A review of the results of this study revealed that hackers gained control of the cameras within seconds, which was alarming.
As a result, they observed individuals entering their passwords, including a BBC employee. This demonstrated the potential for privacy breaches and malicious surveillance that might occur.
It is impossible to overestimate the urgency of addressing the vulnerabilities of surveillance cameras. Rather, Prof Fraser Sampson emphasizes the inherent risks associated with maintaining outdated equipment if it is budget-friendly rather than secure, which is able to minimize costs. The solution for mitigating these risks is to prioritize the replacement or upgrade of vulnerable cameras with more secure alternatives.
To combat potential threats, it is also essential that robust cybersecurity measures are implemented, including periodic firmware updates, network segmentation, and a strong access control setup for better protection.
In light of the recent revelations regarding security flaws in surveillance cameras, governments, businesses, and individuals should all take action to ensure that their CCTV systems are up to date. Stakeholders must collaborate and develop comprehensive security strategies to mitigate critical infrastructure risks, as well as identify potentially harmful events.