The Weaponisation of Surveillance Infrastructure
Cyber operations targeting cameras require relatively limited technical sophistication but offer significant intelligence gains once access to the device is obtained. Over the years, the Indian government has taken various measures to address concerns about imported CCTV surveillance systems. It is equally essential to ensure strong cyber hygiene practices.
Closed-Circuit Television (CCTV) cameras, once benign equipment used for workplace monitoring or crime prevention, have evolved into critical assets for national security and data sovereignty. Advancements in technology over the years have led to the proliferation of Internet of Things (IoT)-enabled cameras with embedded firmware, providing internet connectivity and cloud integration for remote access and control.
IoT cameras offer numerous advantages, including ease of access. However, the security exposure of such devices, due to a large attack surface and other factors, enables malicious actors to exploit them for nefarious objectives. Multiple cases have emerged in the recent past illustrating how these devices, once compromised, can become a strategic liability, particularly during an armed conflict.[i] In fact, compromised traffic cameras in Tehran were used to build a ‘pattern of life’ of senior Iranian leadership, which was later utilised for targeted strikes against them.[ii]
Clearly, the trend of weaponising cameras is not going to stop, especially as technology evolves to integrate AI into this equipment. This brief assesses vulnerabilities in these systems, the potential consequences of these gaps, and the strategic consequences of failing to secure this equipment.
Increasing Attack Surface
Over the years, consumers have shifted notably from analog cameras to IoT cameras, choosing internet-connected cameras for reasons ranging from better-quality video and cloud storage to remote viewing and AI-based analytics.[iii] However, these features also introduce vulnerabilities with significant consequences, as with any device connected to the internet. To understand the vulnerabilities (Table 1) that contribute to an expanding attack surface, it is essential first to examine the network environment that underpins IoT cameras.
The operation of an IoT camera involves several stages. The camera utilises image sensors to capture pictures, which are then stored in the memory module. The communication interface facilitates image transfer to other devices, while the processor controls the camera’s overall functionality.[iv] However, it is not just the camera, but also other components that make up the environment. Figure 1 depicts the complex, interlinked environment of an IoT camera system: the camera, a smartphone with a camera-associated application installed, the camera’s web interface, and the servers that enable communication within the system.[v] More nodes in a network increase vulnerability by expanding the attack surface and creating more potential entry points for threat actors.
Figure 1. The Smart Camera Environment
Source: Alharbi and Aspinall (2018)
Through these devices, threat actors aim to target video streams and personally identifiable information (PII) and gain unauthorised access to the camera itself, the primary physical asset. Once compromised, these cameras can be misused by actors for varying purposes. An attacker, by deploying various tools and techniques, can gain unauthorised access to the network, where they can monitor and retrieve the unencrypted traffic.[vi] Man-in-the-middle (MITM) is one such scenario, in which an attacker intercepts and potentially alters communication. Malware designed to target smart camera applications on mobile devices or access data stored in phone logs can also facilitate broader network compromise. Other attack vectors include Wi-Fi sniffing, in which an attacker obtains router credentials and gains access as a trusted network component.
Past incidents have shown that attackers can exploit tools such as search engines to identify and scan vulnerable networks and IoT devices, including cameras. The Shodan search engine is one such example. It uses a variety of filters to locate devices such as computers, routers and servers that are connected to the internet.[vii] Conceived as a powerful tool for security professionals to identify vulnerable devices, Shodan has also gained infamy as the ‘Google for hackers’.[viii] It is infamous for being instrumental in black-hat hacking and for identifying IP addresses and, upon connection, collecting and........
