The article ( http://www.wired.com/threatlevel/2009/07/video-hijack/ ) on how a malicious intruder in a LAN can hijack an IP camera and insert his/her own IP feed into the system. The intruder uses a simple but effective technique called ARP cache poisoning / ARP spoofing. ARP cache poisoning is a technique that uses a host computer (the intruder) to position itself between an IP camera and an NVR, making the NVR believe that it is talking to the IP camera, but in fact it is talking to the intruder. This way, the intruder can inject any video feed that it wants into the NVR.
This is a fundamental problem with NVRs and IP cameras. Since LAN is a trusted environment, and ARP is a technique that was developed assuming trust between computers on a LAN, this problem will not easily go away unless the underlying protocols are changed.
Even if the video is encrypted on the LAN, the main communication between the client and the server is not. This can help an attacker disable the NVR/DVR in question, even if he is not able to inject video.
How can one avoid video-jacking? One way is entirely avoid using IP cameras and use only Analog cameras. Since tampering of analog cameras require physical access to the infrastructure, this may be a bit more secure. One can argue that even with analog cameras in place, IP streams still do flow through the LAN from the DVR/NVR to any connected clients.
A more complete way to prevent video injection is by using a peer-to-peer VPN connection along with Analog cameras. Cradle's enVigil products come with peer-to-peer VPN pre-installed. Thus, all access on the LAN to the enVigil server is through a peer-to-peer VPN connection. Thus, even if a computer is hijacked with APR spoofing techniques, it will be nearly impossible to inject/hijack the video streams, since that requires cracking the VPN networking layer.
Please visit www.cradle.com for more information on the enVigil product.
Monday, November 9, 2009
Spoofing IP based CCTV systems
This is reply to the video security over the internet by Tom
Tom Medlicott
Owner, cctvengineer.com
yes i think hybid system will be around for a long time. and infact hybrids will only get better. each month we are starting to see major problems that exist along side the ip systems. end users (the customers) just finding out they have very expensive yearly licence fees to run there ip systems and another problem that has just been released is the following artical from america.
(I HAVE REMOVED LINK TO THE SOFTWARE) if you wish the link please email me.
Spoofing IP based CCTV systems
The case against the security of IP based CCTV systems was recently highlighted with the release of a new web tool shown at the hacker conference in Las Vegas. A security assessment tool, Videojak has the ability to both intercept Internet video feeds and eject false 'looped' images.
Similar in concept to Hollywood's "Mission Impossible" where the attacker can hack, monitor and record a CCTV feed (when nothing is happening), then play this back in a loop to hide the actual live feed (presumably while Tom Cruise is lowered down on a black rope).
This tool also provides the ability to intercept video conferencing.
To be on the safe side, if you are using any kind of conferencing facility you should assume that the information can be intercepted. With the popularity of IP streamed video systems we are not sure if our network is compromised or not.
so another reason why hybrid is better. i.e use analog in the top security places and ip in not so high places. have the best of both worlds with a hybrid system
Tom Medlicott
Owner, cctvengineer.com
yes i think hybid system will be around for a long time. and infact hybrids will only get better. each month we are starting to see major problems that exist along side the ip systems. end users (the customers) just finding out they have very expensive yearly licence fees to run there ip systems and another problem that has just been released is the following artical from america.
(I HAVE REMOVED LINK TO THE SOFTWARE) if you wish the link please email me.
Spoofing IP based CCTV systems
The case against the security of IP based CCTV systems was recently highlighted with the release of a new web tool shown at the hacker conference in Las Vegas. A security assessment tool, Videojak has the ability to both intercept Internet video feeds and eject false 'looped' images.
Similar in concept to Hollywood's "Mission Impossible" where the attacker can hack, monitor and record a CCTV feed (when nothing is happening), then play this back in a loop to hide the actual live feed (presumably while Tom Cruise is lowered down on a black rope).
This tool also provides the ability to intercept video conferencing.
To be on the safe side, if you are using any kind of conferencing facility you should assume that the information can be intercepted. With the popularity of IP streamed video systems we are not sure if our network is compromised or not.
so another reason why hybrid is better. i.e use analog in the top security places and ip in not so high places. have the best of both worlds with a hybrid system
The importance of encrypting video over Internet
The importance of encrypting video over IP
http://www.wired.com/threatlevel/2009/07/video-hijack/
How important it is to send video encripted and over the VPN?
The importance of encrypting video over IP
How important it is to send video over encrypted video VPN?
Read this article
http://www.wired.com/threatlevel/2009/07/video-hijack/
1. The attackers are able to view video being streamed across a network, and
2. The attackers are able to use a man-in-the-middle attack to insert video controlled by the attacker to a video decoder somewhere on the network.
The linked video shows viscerally how an attacker could foil a security/surveillance video system – a modern-day Thomas Crown Affair. But the underlying problem goes beyond the surveillance market and could conceivably affect a wide range of industries using video over IP. This is a big deal, and vendors of any form of network-connected IP video device – whether a camera, encoder, or decoder – should take note.
http://www.wired.com/threatlevel/2009/07/video-hijack/
How important it is to send video encripted and over the VPN?
The importance of encrypting video over IP
How important it is to send video over encrypted video VPN?
Read this article
http://www.wired.com/threatlevel/2009/07/video-hijack/
1. The attackers are able to view video being streamed across a network, and
2. The attackers are able to use a man-in-the-middle attack to insert video controlled by the attacker to a video decoder somewhere on the network.
The linked video shows viscerally how an attacker could foil a security/surveillance video system – a modern-day Thomas Crown Affair. But the underlying problem goes beyond the surveillance market and could conceivably affect a wide range of industries using video over IP. This is a big deal, and vendors of any form of network-connected IP video device – whether a camera, encoder, or decoder – should take note.
Subscribe to:
Posts (Atom)
Posts
