It’s ironic when devices you own for the sake of security actually put you at risk. It’s like having a guard dog who barks at the wife and kids but quietly wags its tail at the stranger forcing their way into your window.
That’s how a lot of business owners are feeling right now, as security cameras have been one of the attack vectors of choice for cybercriminals.
Let’s dive in.
Older Security Cameras are Being Exploited by Cybercriminals to Spread Malware
Any device that’s connected to your network is bound to have vulnerabilities. That’s why hardware and software manufacturers provide regular security updates, firmware updates, and patches. In a world where cybercriminals and scammers treat their craft like a business, there is really no way for any technology company to make a device that is immune to being hacked or exploited. Instead, it’s a constant game of cat-and-mouse to keep up with the cybercriminals and patch new vulnerabilities.
Well, what happens when a device is older, and no longer supported by the company that makes it?
What happens when the company that makes the device goes out of business?
That device becomes a ticking time bomb.
There is also more of a likelihood that cybercriminals will target exploits in a device that is still popular and in use. If you are one of the last people in the world with a working iPod Touch from 15 years ago, you probably aren’t holding as big of a target as someone with a widely popular printer that recently reached end-of-life, and is still found in hundreds of thousands of offices.
Cybercriminals have found a “sweet spot” when it comes to older devices with potential vulnerabilities to take advantage of. Older security cameras often have a comparatively short span of time that they are supported, and yet they connect to your network and the Internet. On top of that, these devices are physically out of reach, which gives them that sort of out-of-sight, out-of-mind status. You don’t touch them every day, you just rely on them to work. Security cameras are just another part of the infrastructure, like your thermostats and light bulbs.
But ignoring them can be risky.
The most recent real-world example has been with AVTECH IP cameras. While these cameras have been discontinued for years, cybercriminals found a 5-year-old vulnerability that was never patched by AVTECH and are using it to spread malware. The vulnerability is found in all AVTECH AVM1203 IP cameras.
The malware can potentially spread onto your network despite having basic cybersecurity protections in place, since it’s coming in through a trusted device.
The U.S. Cybersecurity and Infrastructure Security Agency has released a warning about these particular cameras, as they are still being used throughout businesses, including those in the financial, healthcare, and transportation industries. The agency is recommending that businesses that have AVTECH AVM1203 cameras take them offline and replace them immediately.
This Isn’t Just One Particular Brand or Model of Camera
While we are seeing real-world examples of the AVTECH cameras spreading malware, this could happen with any older security camera. It could even occur in new cameras that aren’t being properly managed, maintained, and kept updated.
Fortunately, auditing and maintaining cameras that are still supported by the manufacturer is pretty easy—it just needs to happen.
Businesses also have to stay clear of consumer-grade security cameras, as they often don’t have the features or security options that your organization needs to protect itself. The linked blog covers a lot of other reasons to avoid these types of cameras.
Get Your Security Cameras Audited
It’s a good time to have your security cameras reviewed. It doesn’t always mean you need to replace them, but making sure they are being updated regularly and managed will save your business a massive amount of headaches in the future.
We’d be happy to set up a time to review your physical protections and cybersecurity. To get started, give us a call at (410) 531-6727.