In the famous incident called “The Fappening”, hundreds of celebrity nude pictures were stolen from iCloud and posted online, resulting is sever breach of their privacy. Subsequent incidents has demonstrated just how vulnerable we can be when posting pictures online, be it on a secure storage service or when sending it via digital means (email, instant messaging applications, etc.). With the raising fear for violation of privacy, came greater awareness of the associated risk. People today are aware and can take precautions with regards to whom they share sensitive image and how the secure them online. The same goes for webcams installed at the home environment- people today are aware that these can be hacked into and therefore take precautions when near such devices. But when we’re in a public space our control over who’s filming us and how they use this information is non-existent.
One of Israel’s famous singers, Eden Ben-Zaken, found that out the hard way. Several days ago footage of her trying on a swimsuit at a local shop emerged and were distributed quickly on messaging apps. Ben-Zaken filled a complaint with the local police where it was discovered that security footage from the store were leaked, allegedly by someone who hacked into the security camera (or its recordings) which then posted them online.
Why were security cameras placed in a way that allowed them to capture sensitive image is one question that is related to privacy, but in terms of security, many questions arise. Where was the footage stored? Who had access to it? Was the camera hacked directly (or accessed without permission) or simply the local PC where the footage was stored?
At best, the store owner was negligent. A more sinister scenario could be that of a professional hacker who’s hacked into multiple locations with the hope of capturing the footage of someone they can later extort. With growing adoption of mass-scale, IoT and cloud-enabled surveillance, often sold as a service, this scenario is very plausible.
It is certainly not the first time that IP cameras have been hacked into. Cameras sold as a commodity nowadays, and are protected by default passwords, that can be easily guessed (most people don’t bother changing the default factory setting- and these can be found online). Even if consumer alter the passwords to more robust ones, there still might be backdoors pre-installed on the device itself- something that almost no user can identify.
Several months ago it was made public that a backdoor that existed in IP cameras by HIKvision, which allows anyone to to access their footage.
Cameras are mostly hacked into for the purpose of viewing the footage, but sometimes the purpose is the opposite- to delete it. Several months ago, the Italian branch of Anonymous, remotely took control of a local police computer system in Correggio, Italy, and erased the speed camera ticket database, comprised of more than 40 gigabytes worth of infringement photographs
The new reality is that due to poor security of cameras, we cannot maintain our privacy in the public space. We can predict that more and more cybercriminals will realized this and learn how to capitalize on this, making the incident of Ms. Ben Zaken the first of many- unless a concentrated effort will unfold- by privacy and security advocates, IoT service providers and the public- all demanding greater levels of security to ensure such incident will be the standout rather the then norm.
To learn more about SecuriThings Real-time IoT Security solution please contact us at [email protected]