• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology Main Logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Contact
  • Home
  • Research
  • Magazine
  • Events
  • Awards
  • Recruitment
  • On Demand
Home / Magazine Articles / How secure are your CCTV systems?

How secure are your CCTV systems?

Housing providers rely on CCTV to protect their residents and properties. So many property managers will be worried after reading in the national press last month that MI6 is concerned that some CCTV cameras pose a potential threat to national security.

The article highlighted that China is Britain’s largest supplier of CCTV equipment and expressed grave concerns about the potential security risk, particularly for internet-connected cameras. As a result, the CCTV section of the British Security Industry Association (BSIA) urged operators of IP-connected surveillance systems to do more to safeguard their systems against cyber attacks.

This story reminds us that many CCTV systems are inherently insecure. Independent research (see link at the end of this article) published earlier this year found that several CCTV systems connected to the internet were successfully controlled by an unknown attacker in just 24 hours and had worrying security flaws, providing an open door to the rest of an organisation’s network. It found that both analogue and digital systems are at risk, as are many cloud-based systems.

While the information held by housing providers may not in itself threaten national security, insecure CCTV cameras pose other risks. They are a potential entry point for corruption and Distributed Denial of Service (DDoS) attacks, and make organisations vulnerable to the extraction of sensitive information, breaching the Data Protection Act (DPA). However, the good news is that many of these risks can be prevented by understanding how they arise and taking simple security precautions.

A key vulnerability in traditional DVR-based systems is their use of port forwarding, which effectively creates a ‘hole’ in the firewall, thus compromising the security of the network. The firewall can be configured to only allow certain external IPs (known as IP white-listing), but companies still remain vulnerable to attack.

Many manufacturers recommend using Dynamic DNS, which automatically updates a name server in the Domain Name Server (DNS) to enable the user to find the DVR. The problem is that this allows a potential attacker to find hundreds or even thousands of vulnerable devices simply by testing domain names. Other problems include a lack of updates to fix bugs identified post-sale and the propensity of manufacturers to include ‘back doors’ which are often revealed on the internet.

Users themselves may exacerbate problems because footage may rarely be looked at and the user interface provides no feedback, so problems may not be discovered until long after a security breach.

Dedicated cloud based solutions are designed to provide built-in internet connectivity, rather than having it ‘bolted on’, and offer features such as remote video streaming and data back-up in a more reliable and user-friendly way. In principle, they should offer improved security, but can suffer from similar vulnerabilities to DVRs. However, many cloud video solutions also use port forwarding to allow access to RTSP video streams, making them just as vulnerable as DVR-based systems.

The other potential risk with cloud-based solutions is data security. Users need to ensure that their cloud providers have strictly defined controls around the access to, and management of, customer data, and do not share that data with a third party without their explicit consent. To ensure sensitive data is secured both in transit to and while stored in the cloud, organisations need to look for systems that offer authentication, end-to-end encryption with SHA-2 and TLS, and a digital signature to ensure data integrity. They also need to find out where the data is held to ensure they are compliant with data protection regulations.

Intelligent IoT camera adapters are now available which only allow encrypted outbound connections to specific cloud-based services, and can be retrofitted to existing analogue and digital cameras. They connect both types of cameras securely to the cloud using standard internet connections − broadband, 3G or satellite. Authorised users can then access the footage from any device and any location. Because such adapters only require a fraction of the functionality of a full DVR, they are much less useful to a potential attacker.

While these offer a more secure solution to CCTV security, there are two simple steps that organisations can take immediately, whatever system they have installed. First, they should ensure that usernames and passwords have been changed from the default state and are of a sufficient strength to prevent immediate access.

Secondly, they should ensure that they comply with the recommendations of the Information Commissioner’s Office and the Surveillance Camera Commissioner by ensuring that all CCTV data is encrypted when in transit and when it is being stored to prevent it from being used for unauthorised purposes.

James Wickes is CEO and co-founder of Cloudview.

To download a copy of the independent research, visit http://bit.do/cyber_attack.

For more information visit www.cloudview.co

See More On:

  • Vendor: Cloudview
  • Topic: Infrastructure
  • Publication Date: 054 - November 2016
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Artificial intelligence in housing
  • Mobysoft – Data problems affecting complaints’ handling
  • Data, AI and private-sector strategies
  • Smart repairs & smarter homes
  • From firewalls to fortresses
  • Achieving three quick wins in AI
  • Rebuilding Selwood Housing’s IT infrastructure
  • Are you ready for organisational AI?
  • PIMSS releases AI Document Reader for compliance
  • Calico Homes cuts arrears with RentSense
  • FourNet launches digital transformation index
  • New income recovery software from Voicescape
  • Asprey Assets at YMCA
  • I love spreadsheets…
  • All watched over by machines of loving grace – AI assistants and adult social care
  • The rent revolution – The case for AI-powered payments
  • Unlocking safer living through data
  • Aareon acquires MIS ActiveH
  • Vericon launches MouldSense
  • Back to the future at Housing Technology 2025
  • FireAngel wins Which? Award
  • Maximising income and preventing homelessness
  • Anchoring digital innovation with Plentific
  • Cynon Taf Community Housing gets Housing Insight’s Arrears Manager
  • Tenants, AI & your biggest compliance risk
  • EDITOR’S NOTES – Data, standards & straight-through processing
  • AI as a social housing expert
  • South Yorkshire Housing halves arrears with Mobysoft
  • Bromford Flagship wins Aico’s smart-home competition
  • Putting VIVID’s customers in control of their tenancies

Footer

Housing Technology Main Logo
  • Instagram
  • LinkedIn
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2025 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293