Forescout security researchers have demonstrated an attack on an IP camera that results in fake replay footage being displayed to security operators.
Such an attack might sound like a movie script, but the security researchers have demonstrated that it is actually easy to sabotage a surveillance camera and replace the real-time footage with pre-recorded content.
The attack, Forescout reveals, was carried out in only four simple steps and targeted the unencrypted video streaming protocols of the camera. A video demonstration of the attack was also published.
First, the researchers performed a man-in-the-middle attack on the network, to sniff and change passing traffic, then they started capturing the network traffic containing camera footage and record it for replay.
Next, the researchers forced the camera to end its current session with the associated network video recorder (NVR), to capture the NVR request for a new session and modify the specified client port to send the camera video to it. When the NVR attempts to set up a new connection, the attacker can send the recorded footage to it.
“We replaced the actual video stream with one previously recorded, to simulate what could happen in critical facilities like airports and hospitals, where compromising the video surveillance system may be the first step of a physical intrusion,” the researchers explain.
What makes this attack possible is the use of the unencrypted real-time transport (RTP) and real-time streaming protocol (RTSP) to stream video. Another issue, the researchers say, is that these cameras are typically installed, configured and deployed by personnel with little or no cybersecurity knowledge.
The use of alternatives such as using SRTP or RTP over transport layer security (TLS) could reduce the risk associated with such attacks, but not all Internet of Things (IoT) devices include support for these protocols or are either not configured by default, or not enabled by the user.
A Shodan query has revealed the existence of 4,657,284 devices with cleartext RTSP exposed on the Internet, most of them located in China (572,740), the United States (411,850), and Brazil (391,122).
The assault, Forescout also notes, is only one example of the cybersecurity challenges associated with the wide use of IoT devices, especially in smart buildings. Sensors, controllers, smart lighting, surveillance cameras, and other devices are not only cheaper and easier to install, but they also offer remote administration over the Internet.
“The security challenges presented by these devices are forcing organizations to rethink their cybersecurity strategies. Legacy security solutions are not enough to secure today’s networks […].In the age of IoT, new solutions are required,” Forescout points out.
Related: Smart Home Hacked via Vulnerabilities, Social Engineering
Related: Mission Possible: ICS Attacks On Buildings Are a Reality