Nowadays it is relatively easy to find reports about cybersecurity vulnerabilities in IoT (Internet of Things) devices, such as security cameras, for example. If you open a newspaper - or click on a 'news app' - there is probably plenty of information about the security of IoT devices, ranging from software vulnerabilities to privacy violations and everything in between.
Security cameras are IoT devices and IoT devices are computers that use software, which makes them vulnerable. As the famous cybersecurity evangelist Mikko Hyponnen defines in 'Hypnnen's Law': 'If a device is smart, it's vulnerable!'
Hypponen is right. Every day new computer vulnerabilities are discovered in software, regardless of the creator of this software. In 2019, according to the Miter Corporation, more than twelve thousand computer vulnerabilities were publicly disclosed worldwide and officially reported as CVE (common vulnerability and exposure) in the NVD (National Vulnerability Database).
Vulnerabilities are a given and are simply difficult to prevent, unfortunately there is little that can be done to change that. What actually matters is how an organization deals with and subsequently resolves these vulnerabilities.
Awareness of cybersecurity vulnerabilities is essential for your own IT infrastructure, as well as for the security of business/IOT devices. It is important to understand that 'vulnerability' is not the same as a 'backdoor' and does not only occur with 'cheap quality' IoT devices, but more on this later.
This blog aims to increase public knowledge about the cybersecurity of IoT devices in general and security cameras in particular. It also explains how responsible manufacturers of IoT devices can make their products as cyber-secure as possible.
'Security by design'
Security cameras - like all other IoT devices - are vulnerable to cyber attacks. However, manufacturers of IoT devices can minimize the risk of vulnerabilities by using 'security-by-design' during the production process.
An implementation of 'security-by-design' mainly requires support from management, but also a serious investment in people and resources, which can lead to a longer production process and higher costs per IoT device. It is mainly these higher costs that this approach entails, why several manufacturers abandon 'security-by-design' (and think they are cheaper).
Conclusion and recommendations
The cybersecurity of IoT devices is a serious matter that must be addressed at the beginning of the production process and subsequently applied in all phases of production. This is called 'security-by-design' and requires full commitment from management, a dedicated cybersecurity team and serious investments. Unfortunately, not all IoT manufacturers have organized their organization and production in such a way, resulting in a large amount of negative publicity in the media about the cybersecurity of IoT devices.
Fortunately, there are some IoT manufacturers who take this seriously and do everything they can to make IoT devices as 'cybersecure' as possible. This cybersecurity is not only dependent on the IoT manufacturers, the users also play an important role here. Especially by informing themselves about IoT cybersecurity and asking critical questions of themselves and the IoT manufacturers.
Do I trust the manufacturer of the security camera, which only costs a few euros? Does this manufacturer have a cybersecurity organization/team? How does this manufacturer handle vulnerabilities?
These are questions you can ask yourself when purchasing a product. Curious about what we can do for your online infrastructure? Please contact us.
Source: Computable