VdS warning: Millions of video cameras vulnerable to hacking
Dangerous access to nine million video cameras: Precisely the insecure cloud functions that the police and VdS have been warning against for years enable tampering with the surveillance systems of hundreds of end manufacturers. Developers can find precise help for secure remote access in the guidelines VdS 3169, available free of charge.
The police and VdS have been warning for years against the often extreme vulnerability of insecure cloud solutions – even for components used in the security sector. The most recent example: video camera parts from one of the world´s largest manufacturers of this type (based in eastern China). Hack attempts by the Viennese IT security consultants SEC Consult revealed fast access options for nine million cameras currently in use. Program manipulations were also easily possible.
A particular problem is that although these components are used by more than a hundred end manufacturers, they are usually not listed anywhere. By the way, the botnet “Mirai” (perpetrator caught and convicted), which in 2016 paralysed large parts of the Internet including Twitter, Spotify and Netflix, drew its attack strength to a large extent from hacked components of this very manufacturer.
Sebastian Brose, Head of Product Management in the VdS Business Unit Products & Companies, explains: “Since then, optimisations have mostly not taken place. Many institutions all over the world which are highly interesting for criminals are using these vulnerable components. Hackers will not only see everything that happens there quickly and easily, but can also use the gap to enter other systems on site and misuse them as attack tools. Users of VdS-approved systems do not have such problems – after all, these are exactly the things we are testing for.”
The problem often arises because remote access via app has been made possible. Developers can find important help for a secure implementation in the free guidelines VdS 3169en (simply enter “3169en” in the search field on vds-shop.de/en ).