Jay Sawyer profile picture

Jay Sawyer

Security Architect

Tuesday, July 3, 2018

Today, more news regarding surveillance cameras were under scrutiny as more vulnerabilities were exposed. These vulnerabilities were reported as CVE-2018-10658CVE-2018-10659CVE-2018-10660CVE-2018-10661CVE-2018-10662CVE-2018-10663 and CVE-2018-10664. It was discovered that chaining three of any of the listed vulnerabilities together can compromise the cameras, allowing threats to be introduced into an IoT Ecosystem, providing pivot points for further malicious activity. IP surveillance cameras are easy targets for cyberthreats due to their low administrator involvement and constant connection to a network and the internet, making these types of exposures a cheap path for hacking.

The typical structure of an attack on IP surveillance cameras is modeled after the cyber kill chain. The attack can consist of reconnaissance or identifying the target and its vulnerabilities. Once proper information is gained, the IP camera is then weaponized; remotely installing malware and preparing the IoT device for command and control for the attacker’s objective. Two types of outcomes can occur with this unauthorized access; to cause damage and destruction or advanced persistent threats (APT) where bad actors are undetected for long periods of time with the intent to steal data, such as personally identifiable information.

Tempered Network’s Identity Defined Networking (IDN) solution can easily and securely segment your IoT ecosystem from your existing network, cloak your IP surveillance cameras from cyber-attacks and effectively make your cameras and other IoT devices invisible to hackers. Cloaking reduces the total attack surface area and eliminates the cyber kill chain at the Reconnaissance level, potentially eliminating the attack from further advancing. When your IP surveillance cameras are cloaked by Tempered’s IDN, they are not able to be scanned for IP addresses or running services. Hackers can’t hack what they cannot “see”.

Our IDN design objective is based on the principle that it must be easy to connect, cloak, segment, move, failover, and disconnect networks and individual resources. IDN unifies networking and security into a single platform, making it simple to create Zero Trust Overlays without having to modify existing network or security infrastructure. Our point-and-click management console makes it easy to connect, micro-segment and manage all your networked devices—across any transport or location. And this approach comes at a fraction of the cost of alternative solutions.

Building and managing secure identity defined networks is easier and more cost effective than you may think. For more IDN details and use cases to help secure your IoT Ecosystem and address your 2018 IoT cybersecurity challenges, please visit Tempered Networks.


Hacking more than 400 Axis camera models by chaining 3 flaws

VDOO Discovers Significant Vulnerabilities in Axis Cameras

Three Vulnerabilities Found in Foscam IP Cameras (CVE-2018-6830)