Can Your Physical Security System Leak Private Data?

The endless and widespread announcements of new network security vulnerabilities raises serious data security and physical security concerns. In a commercial environment your security devices can contribute to that data leakage. As physical security technology progresses it increasingly has more data about you and your organization's habits and actions.

In the security control room of The Belagio Hotel in Oceans 11

In the security control room of The Belagio Hotel in Oceans 11

It is a cliche in heist movies -- The Hacker, Gadget Guy, or Mission Control Coordinator will hack into the targets security camera system turning the tables giving the heist crew all of the info and feeding the security guard misleading images. While heist movies are full of far fetched plots, and the simplicity that they present the CCTV takeover is somewhat far fetched, the reality is hackers anywhere on the internet can gain access to the cameras of many vulnerable organization. Once In they can manipulate cameras for the benefit of a heist or just turn all of your cameras and network devices into crypto currency miners or bandwidth eating DDoS attack bots. 

Less dramatic than a casino heist but far more frequent are hackers that are, mostly recreationally, accessing security cameras. The recent Mirai virus is an example where security cameras and servers are turned into bots taking direction from a hacker or hacker network. The Mirai malware is one of many leaving these networks and devices vulnerable.

The actions you can take a minimize your risk:

  1. Make your network security an integral aspect of any physical security roll out.
  2. Keep the firmware on firewalls and appliances (including security cameras, alarm panels, and iot devices) up to date at all times.
  3. Use well supported and business class of firewall. Open source is great if managed by knowledgeable engineers and the distribution is well supported with regular security patches.
  4. Do not open ports through your firewall; use VPN’s to access remote cameras or resources. Use modern and well accepted encryption on your devices. 
  5. Use 2-factor where a physical key (e.g., Yubikey) so that resources are restricted to users with the correct passphrase AND the correct physical key.

Related Resources