Security

Hacking 101: Why Video Surveillance Should be Left to the Pros

When selling video surveillance systems to would-be DIYs, remind customers it's not just physical security to consider, but also data security, given all the cybersecurity hacks out there, especially through IP cameras.

Hacking 101: Why Video Surveillance Should be Left to the Pros
On any given day, CVE tracks hundreds of vulnerabilities among surveillance cameras and NVRs, suggesting pros should be involved in setting up these products on secure networks and protecting them with ongoing remote updates.

Julie Jacobson · November 15, 2017

Over the last year there have been several high-profile hacking events, including a DDOS attack on DYN which shut down major websites across the East Coast, and the much more recent Equifax breach. Hackers are consistently working to take advantage of weaknesses, and security systems are a top target on their list. One of the more common devices in these systems is the IP camera – it’s incredibly common, and many are inexpensive and poorly maintained.

Yet these products can be so simple and inexpensive for DIYs to install themselves, why would they need a pro for the job? Consider that getting the cameras and recorders up and running is the easy part. Maintaining these products and services over time is actually the hard part.

Manufacturers forget to mention this, even with a small asterisk, when they tell you, "It's so easy your grandmother can do it.

Remote networking, monitoring and management tools like SnapAV's Luma + OvrC can help customers protect their surveillance systems from hacking.

Recently, several surveillance manufacturers, including some really big ones, have announced known exploits on their systems that have comprised not only home security by the Internet in general. (See the running list at CVE, Common Vulnerabilities and Exposures.)

Breaches through cameras and other IoT devices remain a constant and ever-changing threat. A pro should make sure the products are connected over a secure network, administered properly and updated constantly to ward off the latest Internet security threats.

In selling surveillance -- even DIY products -- remind clients that a security system is just like any piece of software that needs to be maintained and updated. New firmware is available on a regular basis to fix security threats, as well as address known issues and add new features (same is true for most connected devices).

Security systems should always be running on the latest available firmware, which requires them to be updated frequently. When given the option, do consumers press the "upgrade now" button or, like many of us, do they cancel and put it off to a later date?

As for home-technology pros, updates can consume quite a bit of time if done manually. To update the firmware of a handful of cameras and a recorder might take an hour. But multiply that across 25 sites and you are talking about significant time – and cost.

Thankfully, there are remote management systems that can ease this burden – simplifying the process and greatly reducing the time it takes to keep your customers’ security systems up to date. This includes instant notifications when new firmware is released, the ability to update remotely, and more.

Can a consumer do that by themselves? Will they?



Secure Your Free Pass to CEDIA EXPO 2019

Register before Sept. 2 to gain free access to the opening keynote, product training & education series as well as the show floor including Innovation Alley and much more. Don’t miss your chance. Sign up today.




  About the Author

Julie Jacobson is founding editor of CE Pro, the leading media brand for the home-technology channel. She has covered the smart-home industry since 1994, long before there was much of an Internet, let alone an Internet of things. Currently she studies, speaks, writes and rabble-rouses in the areas of home automation, security, networked A/V, wellness-related technology, biophilic design, and the business of home technology. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, and earned an MBA from the University of Texas at Austin. She is a recipient of the annual CTA TechHome Leadership Award, and a CEDIA Fellows honoree. A washed-up Ultimate Frisbee player, Julie currently resides in San Antonio, Texas and sometimes St. Paul, Minn. Follow on Twitter: @juliejacobson Email Julie at julie.jacobson@emeraldexpo.com

Follow Julie on social media:
Twitter · LinkedIn · Google+

Julie also participates in these groups:
LinkedIn · Google+

View Julie Jacobson's complete profile.



  Article Topics


Security · Cameras · Surveillance Systems · News · Cybersecurity · IoT · Luma · OvrC · Remote Monitoring · SnapAV · All Topics
CE Pro Magazine

Read More Articles Like This… With A Free Subscription

CE Pro magazine is the resource you need to keep up-to-date on the latest products, techniques, designs and business practices. Subscribe today!

Subscribe Today!

Comments

Posted by Julie Jacobson on November 16, 2017

@hmurchison, obviously I’m with Paul. It’s not something you need to scare your clients over. Dealers will already have mentioned that you should trust them to keep your network safe. It’s the answer to: Cameras are so easy, I can just do it myself. If you broadcast, “Don’t trust yourself with DIY cameras, hire a pro because ...” it could be an effective message.

Posted by Paul Cunningham on November 16, 2017

@hmurchison - hacking cameras or NVRs as a precursor to a break in is a pretty big “unless” particularly for the light commercial clients that many of us install far - bars, restaurants, offices, etc. Not to mention that it’s pretty easy to find out the address of a vulnerable residence if there’s a street or address sign, license plate or other identifiable landmark in frame, even next door or across the street.

But you’re missing the larger point that damage is not limited to just seeing the cameras or accessing (and deleting after a crime!!) recorded footage which is bad enough. Many devices, once hacked, can run arbitrary code and potentially provide a back door to the network to let the hacker in at any point in the future. At that point they can view data, manipulate routing/DNS to direct to malicious sites, and take over previously unexposed devices inside the network and cause lots of very big problems.

Talking about the need for security in a security system won’t talk any reasonable person out of a sale, but might instill in them the confidence that you’re not some yahoo who thinks it’s no big deal that someone hacks into their surveillance system…(ahem). It also greases the wheels for being able to charge for a proactive service plan.

Posted by hmurchison on November 15, 2017

I wouldn’t even bring hacking, it’s a good way talk yourself out of a sale. Security cams primary job is to monitor physical threats so unless IP hacking is a precursor to a break in the the damage from hackers is minimal.  All you need to do is tell them the truth. Wired systems are cheaper to operate over time and perform much better.  People generally don’t want to slither around their attic or crawl space thus the Pro install is the next step.

Posted by hmurchison on November 15, 2017

I wouldn’t even bring hacking, it’s a good way talk yourself out of a sale. Security cams primary job is to monitor physical threats so unless IP hacking is a precursor to a break in the the damage from hackers is minimal.  All you need to do is tell them the truth. Wired systems are cheaper to operate over time and perform much better.  People generally don’t want to slither around their attic or crawl space thus the Pro install is the next step.

Posted by Paul Cunningham on November 16, 2017

@hmurchison - hacking cameras or NVRs as a precursor to a break in is a pretty big “unless” particularly for the light commercial clients that many of us install far - bars, restaurants, offices, etc. Not to mention that it’s pretty easy to find out the address of a vulnerable residence if there’s a street or address sign, license plate or other identifiable landmark in frame, even next door or across the street.

But you’re missing the larger point that damage is not limited to just seeing the cameras or accessing (and deleting after a crime!!) recorded footage which is bad enough. Many devices, once hacked, can run arbitrary code and potentially provide a back door to the network to let the hacker in at any point in the future. At that point they can view data, manipulate routing/DNS to direct to malicious sites, and take over previously unexposed devices inside the network and cause lots of very big problems.

Talking about the need for security in a security system won’t talk any reasonable person out of a sale, but might instill in them the confidence that you’re not some yahoo who thinks it’s no big deal that someone hacks into their surveillance system…(ahem). It also greases the wheels for being able to charge for a proactive service plan.

Posted by Julie Jacobson on November 16, 2017

@hmurchison, obviously I’m with Paul. It’s not something you need to scare your clients over. Dealers will already have mentioned that you should trust them to keep your network safe. It’s the answer to: Cameras are so easy, I can just do it myself. If you broadcast, “Don’t trust yourself with DIY cameras, hire a pro because ...” it could be an effective message.