CCTV stands for Closed-Circuit TeleVision. Or at least stood for, as today it’s rarely a closed circuit nor TV. It’s usually online and over IP and available to access via an app on your phone, making it all the more hackable.
So how easy is it to hack modern CCTV?
I did some research and the answer is it depends. It depends on the manufacturer, the availability of software and firmware updates, and how it is configured.
Let me explain by switching sides to that of a potential attacker. First you have to find the target CCTV system. This can be achieved using a database like Shodan and tools like Angry IP Scanner. With an IP address and a port scanner such as nmap or the aforementioned Angry IP you can locate the login page. Then it’s just a matter of trying the manufacturer’s default passwords, employing a brute force attack, or making use of an exploit where available.
So how do you secure your online CCTV system? First, make sure it’s a closed system unless you really need to be able to access it remotely; in which case secure the connection by changing any default passwords, make sure all software and firmware is up to date, employ a firewall and VPN (or whitelist IPs for access) and monitor access logs for anything suspicious.
Simple?