‘How secure is a security camera’ might look like a simple question, but it isn’t. The definition of ‘secure’ is subjective – are we talking about physical security, digital security, or a combination, for example? That’s why I changed this question into a clearer one:
“How easy is it for someone to hack a security camera?”
Mikko Hypponen, the famous Finish cyber evangelist, is well-known because of his statement: “If a device is smart, it’s vulnerable!”. He shows with this statement that all devices that consist of hard-and software, and are connected to the internet, are insecure (and therefore ‘hackable’). Then, taking this statement as read, an IP security camera is also vulnerable and ‘hackable’. The primary question becomes: how easy is this?
Security cameras (in other words: cameras) are abundant on the market in a number of forms and are being designed, developed, and built by several producers from different countries. The current cameras in the world are so technologically advanced that they fall in the category ‘edge computing IoT devices’. This means they come with lots of complex processes and computer power on board.
These technological developments provide incredible innovative security capabilities, but also serious digital risks. The current cameras consist of advanced hard-and software components that are produced both in-house and by third parties. Because of this complexity, a camera becomes an interesting and inviting attack surface for the ‘bad guys’. It’s a fact that history shows enough examples of hacked cameras (e.g. Mirai botnet), making cameras a favorite target for cyber attackers. But, are cameras also an ‘easy’ target? That depends……
Like the different kinds of camera mentioned above, there are also different kinds of digital security measures for cameras that can be applied by the camera producers. This is exactly the core answer to the question. The resilience of the camera is in essence dependant on the willingness of the camera producer to put effort and budget into the security of the camera itself. Is camera security an investment priority for the producer?
It’s a fact that all IP-cameras are vulnerable. However, it’s also true that the more difficult it is to hack a camera, the more likely it is that a cyberattacker will jump to another camera that’s easier to hack. Cyberattackers are very smart and sophisticated, but also very pragmatic. They prefer easy targets (if they achieve a similar result). A camera producer that invests in cybersecurity to produce a more cyber-resilient camera, will become a less favorable target for those cyberattackers. They prefer to focus on cameras that generate the same results with less effort (in other words easier to hack). In the end, it’s those cybersecurity investments like a Secure-by-Design production process and a Security Response Center that make the difference between a hacked camera and a cyber-resilient camera. But, also investments in a Source Code Transparency Center and the appointment of regional Directors Cybersecurity – although not directly increasing the overall security – show the committment of a company towards cybersecurity
The question ‘How easy is it for someone to hack a security camera’ can be answered by looking at the camera producer and how it approaches cyber-resilient investments. Then the question is easy to answer….