Connect with us

Hi, what are you looking for?


IoT Security

Researchers Replace IP Camera Feed With Fake Footage

Forescout security researchers have demonstrated an attack on an IP camera that results in fake replay footage being displayed to security operators. 

Forescout security researchers have demonstrated an attack on an IP camera that results in fake replay footage being displayed to security operators. 

Such an attack might sound like a movie script, but the security researchers have demonstrated that it is actually easy to sabotage a surveillance camera and replace the real-time footage with pre-recorded content.

The attack, Forescout reveals, was carried out in only four simple steps and targeted the unencrypted video streaming protocols of the camera. A video demonstration of the attack was also published. 

First, the researchers performed a man-in-the-middle attack on the network, to sniff and change passing traffic, then they started capturing the network traffic containing camera footage and record it for replay.

Next, the researchers forced the camera to end its current session with the associated network video recorder (NVR), to capture the NVR request for a new session and modify the specified client port to send the camera video to it. When the NVR attempts to set up a new connection, the attacker can send the recorded footage to it.

“We replaced the actual video stream with one previously recorded, to simulate what could happen in critical facilities like airports and hospitals, where compromising the video surveillance system may be the first step of a physical intrusion,” the researchers explain

What makes this attack possible is the use of the unencrypted real-time transport (RTP) and real-time streaming protocol (RTSP) to stream video. Another issue, the researchers say, is that these cameras are typically installed, configured and deployed by personnel with little or no cybersecurity knowledge.

Advertisement. Scroll to continue reading.

The use of alternatives such as using SRTP or RTP over transport layer security (TLS) could reduce the risk associated with such attacks, but not all Internet of Things (IoT) devices include support for these protocols or are either not configured by default, or not enabled by the user. 

A Shodan query has revealed the existence of 4,657,284 devices with cleartext RTSP exposed on the Internet, most of them located in China (572,740), the United States (411,850), and Brazil (391,122).

The assault, Forescout also notes, is only one example of the cybersecurity challenges associated with the wide use of IoT devices, especially in smart buildings. Sensors, controllers, smart lighting, surveillance cameras, and other devices are not only cheaper and easier to install, but they also offer remote administration over the Internet. 

“The security challenges presented by these devices are forcing organizations to rethink their cybersecurity strategies. Legacy security solutions are not enough to secure today’s networks […].In the age of IoT, new solutions are required,” Forescout points out. 

Related: Smart Home Hacked via Vulnerabilities, Social Engineering

Related: Mission Possible: ICS Attacks On Buildings Are a Reality

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing...

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information.

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...