Misconfigured City CCTV Systems Under Attack

Hackers Could Modify Video Feeds in CCTV Systems

A security examination of a working city video surveillance system by Kaspersky Lab has revealed that networks designed to help protect people from criminals and terrorists could be misused by a third party exploiting system configuration flaws.

It is no secret that police departments and governments have been monitoring city streets for years, with security cameras proving invaluable in crime investigation and prevention. However, as a result of research conducted by Kaspersky Lab researcher Vasilios Hioureas and his fellow researcher Thomas Kinsey from Exigent Systems Inc., these systems could also be used in a harmful way.

As part of their research, the authors examined the security video surveillance network in one city. Surveillance cameras were connected via a mesh network – a type of network in which nodes are connected with each other and serve as stepping stones for data (video feed in this particular case) on its way from a node to the control centre. Instead of using a Wi-Fi hotspot or wired connection, nodes in such networks simply transmit data to the closest node which transmits it further through other nodes right to the command centre. Should an intruder connect to just a single node in the network, they will be able to manipulate the data transmitted through it.

Mesh-network based video surveillance systems are, in general, an inexpensive alternative to surveillance systems which require either multiple hotspots throughout a city, or miles of wires. But the security of such networks is heavily dependent on how the whole network is set up. In the case investigated by the researchers, the network of cameras used no encryption at all. After purchasing equipment similar to that used in the city, Kaspersky Lab researchers discovered that sufficient encryption tools are provided, but they were not being used correctly in this case. As a result, clear text data was being sent through the network and made freely available to any observer who joined.

The researchers quickly realised that creating their own version of the software used in the network would be enough to manipulate the data traveling across it. After recreating the network and software in the lab, they were able to intercept the video feeds from any node and also modify them, e.g. exchange the real video from the camera with a fake one.

The researchers shared their findings with the company that had set up the surveillance network in the city last summer. Since then, the necessary changes have been made to the vulnerable network.

“We undertook this research to highlight that cybersecurity also affects physical security systems, especially critical public systems like video surveillance. When building a smart city, it is extremely important to not only think about the comfort, energy and cost efficiency that the new technologies will bring, but also about the cybersecurity issues that might arise. Although the findings of this research were presented last August, we have reasons to believe that its findings are still useful for city authorities that are planning to implement mesh-network based surveillance systems or implemented it already,” – said Vasilios Hioureas, Junior Malware Analyst at Kaspersky Lab and a co-author of the research.

In order to avoid the security vulnerabilities associated with mesh-networks, Kaspersky Lab recommends the following measures:

Although still potentially hackable, Wi-Fi Protected Access with a strong password is the minimum requirement needed to stop the system from being an easy target.
Hidden SSIDs (the public names of wireless networks) and MAC filtering (which allows users to define a list of allowed devices on the Wi-Fi network) will also weed out unskilled hackers.
Make sure that all labels on equipment are concealed and enclosed to deter attackers who do not have insider information.
Securing video data using public-key cryptography will make it almost impossible to manipulate video data.
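
The public-key recommendation above, as an added sketch in Go (not code from the Kaspersky Lab research or from the surveillance vendor's software): each camera signs every frame together with a sequence number, and the control centre verifies it with that camera's public key, so a relaying node can neither alter a frame nor replay earlier footage undetected. The choice of Ed25519, the sequence-number layout and the names Sign, Verifier and Check are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// signedBytes prefixes the frame with its sequence number so one signature covers both.
func signedBytes(seq uint64, frame []byte) []byte {
	b := make([]byte, 8, 8+len(frame))
	binary.BigEndian.PutUint64(b, seq)
	return append(b, frame...)
}

// Sign runs on the camera, the only holder of the private key.
func Sign(priv ed25519.PrivateKey, seq uint64, frame []byte) []byte {
	return ed25519.Sign(priv, signedBytes(seq, frame))
}

// Verifier runs at the control centre, one per camera, with that camera's public key.
type Verifier struct {
	Pub  ed25519.PublicKey
	next uint64 // lowest sequence number still acceptable
}

// Check rejects frames altered in transit and replays of earlier genuine frames.
func (v *Verifier) Check(seq uint64, frame, sig []byte) error {
	if !ed25519.Verify(v.Pub, signedBytes(seq, frame), sig) {
		return errors.New("bad signature")
	}
	if seq < v.next {
		return errors.New("replayed frame")
	}
	v.next = seq + 1
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	v, frame := &Verifier{Pub: pub}, []byte("constructed frame bytes")
	sig := Sign(priv, 1, frame)
	fmt.Println(v.Check(1, frame, sig), v.Check(1, frame, sig)) // <nil> replayed frame
}
```

Signatures protect integrity only; the feed stays readable in transit unless the link is also encrypted.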

The research was originally presented at DefCon 2014. It has been published as part of Kaspersky Lab’s contribution to the knowledge base of Securing Smart Cities – a global not-for-profit initiative that aims to solve the existing and future cybersecurity problems of smart cities through collaboration between companies, governments, media outlets, not-for-profit initiatives and individuals across the world.

The full text of the research is available on Securelist.com and this report was first published by Kaspersky Lab.
