Is your physical security system an attack surface for hackers?

Physical security systems are increasingly being targeted by cyber-criminals, with new exploits and vulnerabilities being discovered every day.  To keep on top of these threats requires a new way – Viakoo.  As the leading physical security system and data verification solution Viakoo’s purpose built technology can help you see all sorts of issues in your physical security system, including cyber threats.

Please scroll below to understand how Viakoo addresses today’s key cyber threats like Devil’s Ivy, Mirai, Persirai, and the use of default camera device passwords.

Other resources include:

Securing the Security Network:  12 point checklist (our most popular download)

Automated Default Password Checking:  learn more about Viakoo’s recently launched automated default password checking capability

Camera Device Firmware Reporting: new in version 2.16, Viakoo reports (at site, region, or global level) the firmware version used in each camera.

Automated Camera Firmware Update Manager:  This new product option allows for the user to securely and automatically update all camera devices to the vendors’ most recent firmware version.  Winner of Security Today’s New Product of the Year.

Viakoo Blog:  Check out our recent post on physical security systems as attack surfaces.

Viakoo has solutions.

Get Started Now – Please Provide Your Contact Info and We’ll be in Touch

Devil’s Ivy Vulnerability

According to Senrio (who discovered this vulnerability):

Devil’s Ivy results in remote code execution,and was found in an open source third-party code library, from gSOAP.  When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed.

How Viakoo Helps

There are three key mechanisms used by Devil’s Ivy that can be detected and alerted by Viakoo:

1: Flaw to continually reboot the camera: Viakoo will see tcp/udp port change, camera uptime change

2: Change network settings and block the owner from viewing the video feed. With Viakoo you can be automatically alerted nwhen there is no video stream

3: Reset the camera to factory default, which will prompt the attacker to change the credentials, giving them exclusive access to the camera feed. Viakoo has automated checking if a camera is using a default password, making it easy to scan for this change.

Mirai & Persirai Botnets

Like other IoT botnets, Mirai and Persirai take advantage of open Universal Plug and Play (UPnP) ports on IP cameras to infect them. Once on an IP camera, the malware is designed to connect to a command-and-control server and download software for launching DDoS attacks against specific targets.

How Viakoo Helps

Viakoo is constantly analyzing your physical security infrastructure for abnormal or out-of-bounds conditions.  With botnets that commandeer resources in order to launch attacks Viakoo can alert you when unusual traffic is detected from the camera device, and can also be used to look at other resources on the physical security network for potential cyber-security issues.

Cameras with Default Passwords

Probably the most common vulnerability in a physical security system is when IP connected cameras are using default passwords.  These are easily obtained, and can provide hackers with access to video streams and put them in control of the camera device.

How Viakoo Helps

Especially with a large number of camera devices it is hard to ensure that they have all had their default passwords changed, and to make sure the new password is not an easy to guess or common password.  Viakoo can automatically scan all camera devices on your network, and will generate a report showing exactly which cameras are still using a default or easy to guess password.