Monday, November 9, 2009

How can one avoid video jacking?

The article at ( http://www.wired.com/threatlevel/2009/07/video-hijack/ ) describes how a malicious intruder on a LAN can hijack an IP camera and insert his/her own IP feed into the system. The intruder uses a simple but effective technique called ARP cache poisoning / ARP spoofing. ARP cache poisoning is a technique in which a host computer (the intruder) positions itself between an IP camera and an NVR, making the NVR believe that it is talking to the IP camera when in fact it is talking to the intruder. This way, the intruder can inject any video feed that it wants into the NVR.

This is a fundamental problem with NVRs and IP cameras. Since a LAN is a trusted environment, and ARP is a protocol that was developed assuming trust between computers on a LAN, this problem will not easily go away unless the underlying protocols are changed.
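Because ARP accepts whatever address binding a host announces, one thing a defender can do is compare each ARP message's claimed binding against a known-good one for the cameras. The sketch below is an added example, not part of the original post or of any product named here; the IP and MAC addresses, the pinned table and the function names are constructed assumptions.

```python
import struct

# Pinned IP -> MAC bindings for cameras (constructed sample values, an assumption).
PINNED = {"192.168.1.50": "02:00:00:00:00:50"}

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return ARP fields from an Ethernet frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "eth_src": mac_str(frame[6:12]),
        "sha": mac_str(frame[22:28]),             # sender hardware address
        "spa": ".".join(map(str, frame[28:32])),  # sender protocol address
    }

def check(frame, pinned=PINNED):
    """Return alert strings for one captured frame."""
    arp = parse_arp(frame)
    if arp is None:
        return []
    alerts = []
    expected = pinned.get(arp["spa"])
    if expected and arp["sha"] != expected:
        alerts.append(f"{arp['spa']} claimed by {arp['sha']}, pinned to {expected}")
    if arp["eth_src"] != arp["sha"]:
        alerts.append(f"frame source {arp['eth_src']} != ARP sender {arp['sha']}")
    return alerts

def build_reply(eth_src, sha, spa, dst_mac, tpa):
    """Build a constructed ARP reply frame (test input only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (mac(dst_mac) + mac(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + mac(sha) + ip(spa) + mac(dst_mac) + ip(tpa))

if __name__ == "__main__":
    cam, nvr = "02:00:00:00:00:50", "02:00:00:00:00:10"
    other = "02:00:00:00:00:99"
    for src in (cam, other):
        f = build_reply(src, src, "192.168.1.50", nvr, "192.168.1.10")
        print(src, check(f) or "ok")
```

In practice the frames would come from a capture on the camera VLAN or a switch mirror port, and the pinned table from the camera inventory.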

Even if the video is encrypted on the LAN, the main communication between the client and the server is not. This can help an attacker disable the NVR/DVR in question, even if he is not able to inject video.


How can one avoid video-jacking? One way is to avoid IP cameras entirely and use only analog cameras. Since tampering with analog cameras requires physical access to the infrastructure, this may be a bit more secure. One can argue that even with analog cameras in place, IP streams still flow through the LAN from the DVR/NVR to any connected clients.

A more complete way to prevent video injection is to use a peer-to-peer VPN connection along with analog cameras. Cradle's enVigil products come with peer-to-peer VPN pre-installed, so all access on the LAN to the enVigil server is through a peer-to-peer VPN connection. Even if a computer is hijacked with ARP spoofing techniques, it will be nearly impossible to inject/hijack the video streams, since that requires cracking the VPN networking layer.

Please visit www.cradle.com for more information on the enVigil product.
