ACCESSING INFO BY HACKING INTO CCTV SYSTEMS
A US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military, something that could potentially allow hackers to spy on facilities or gain access to sensitive computer networks.
Craig Heffner, a former software developer with the National Security Agency (NSA) who now works for a private security firm, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.
They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
Craig Heffner, security expert
“It’s a significant threat,” he said. “Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.”
He plans to demonstrate techniques for exploiting these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas.
Heffner, who now works as a vulnerability researcher with Tactical Network Solutions in Columbia, Maryland, said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.
In 2011, the $7 million security camera system at Parliament House in Canberra was found to have ”critical” security deficienciesthat left the building vulnerable to attack, according to a whistleblower’s report.
Heffner said he has figured out a real-life version of the familiar “Hollywood-style” attack that has become a fixture in action films. He can freeze a picture on a surveillance camera to help thieves break into facilities without detection.
He has not discussed his research with the camera makers, he said, and does not plan to do so ahead of his presentation at the hacking conference.
Cisco, D-Link and TRENDnet said they would take any appropriate action that might be needed to secure their equipment after the Black Hat presentation.
Heffner’s presentation is one of more than 100 talks at the annual gathering, which is expected to attract 6500 security professionals who will learn about the growing threat hackers pose to businesses, consumers and national security.
Other talks will explore threats to Microsoft Windows and Apple systems, mobile phone networks, medical devices and systems that control industrial plants.
All research presented at the conference is vetted by a review board of 22 security experts.