These security cameras were hacked

Everyone wants more security, but hardly anyone wants to spend money on it. Companies like to save money on security cameras, cloud solutions and installation. Where are the risks? Insights from a software developer and integrator of security systems.

What integrators and customers should know

There are some security vulnerabilities with surveillance cameras. The government of Lithuania uncovered over 61 vulnerabilities in cameras from Dahua and Hikvision in May 2020. Among other things, data was sent to Russian servers. Manufacturers or third parties could directly access the camera streams thanks to weak passwords.

2019 Heise Online reports that students at Offenburg University of Applied Sciences have discovered a significant security vulnerability in Dahua cameras. The vulnerability CVE-2019-9677 is considered “critical”. Attackers could target the vulnerability, trigger a memory error (buffer overflow) and ultimately load and execute malicious code on cameras.

US Government bans products from Dahua, Hikvision and suppliers

The US is going a step further and banning products from Dahua, Hikvision and Huawei Hisilicon in federal facilities. Specifically, the US government requires its suppliers to remove Dahua, Hikvision and Huawei products (incl. OEM) from federal agency facilities.