The recent revelations of US security researchers Craig Heffner about detection of bugs in security surveillance equipments of major vendors may have already sent shock waves, but this is no shocker for Bangalore based security expert Rahul Gupta!. For him there is nothing new in the discovery claims his company already has a solution to CCTV hacking.
Recently, Heffner, a vulnerability researcher with Tactical Network Solutions (the company behind the Reaver WiFi cracking tool) told Reuters that widely used surveillance cameras from firms including Cisco Systems Inc, D-Link Corp and TRENDnet contain undisclosed bugs that make them susceptible to hacking. The researcher has promised to disclose the vulnerabilities to the vendors before his presentation at Black Hat conference, Las Vegas, starting 31 July.
[image_library_tag 292/80292, style=”float: right;” alt=”guptaannexgate” ,default]
Rahul Gupta, Managing Director, SSSPL, a security solutions company, claims his company was the first to build firewall into surveillance cameras. The companies AnexGATE solution which includes this firewall has been registered though no patent application has been made so far.
The Bangalore based company’s AnexGATE tech was used in cameras deployed by Pinkerton Securitas for NATO Confernce 2012, Chigaco. Eversince, the company has received several key export orders in US , Europe and far east.
What Heffner has said is that somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.
Guptha counters the researchers statement saying “Nobody can control cameras without cracking password or ID. With Annex Gate implementation in surveillance cameras, video data from camera to server is transferred through VPN tunnel. Video sent from the firewall is encrypted and sent to respective control rooms for decoding, so there is no question of somebody hacking the system to get data under AnnexGate.”
Any device with an IP address can be probed and potentially breached remotely. Indeed, someLuser found vulnerabilities in about 20 security camera solutions earlier this year. His claims were investigated by Rapid7 who found they could access the device configuration and gain cleartext usernames and passwords.
So far Cisco, D-Link and TRENDnet have promised to take appropriate action that might be needed to secure their equipment after the Black Hat presentation. We need to wait till Black Hat conference to know what Heffner would reveal new.