Has your cctv system been hacked
Has your cctv system been hacked?
There are two primary methods of hacking a CCTV system (apart from someone knowing your password and logging in to see what you are doing).
There are also different areas that can be hacked, for example in a coax based system, it will be primarily the recorder that gets hacked, however IP systems can have each camera hacked as well as the recorder.
This is what you may see after a hack, or you may not see anything if the hacker is using your cameras to put you under surveillance.
Brute force attack
What is a brute force attack you may ask?
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate many consecutive guesses of the password until it gets it right.
What this means is that once the hacker has found your password protected CCTV system, they run a small program that simply continues to guess and submit passwords until it finds the right one.
Brute force attacks are old school hacking and have been around since the start of the computer industry and are well and truly dealt with by all the PC manufacturers now by freezing the account after a few incorrect passwords are submitted.
Your CCTV system however is unlikely to have that simple method to protect itself, so the brute force attack can simply run forever until it finds the correct password, and if you have a simple one like 0000 or 1234 or similar, it will only take a few mins to hack your system.
If you have a very complex password like Xt56!!VV568qw34 it would take the brute force attack up to 100 years to guess your password, making it immeasurably safer.
Default or no password
The next method of hacking is even scarier and again, is caused by the owner of the CCTV system, and that there is no password at all, or using the default password.
Almost all CCTV manufacturers use a set of default passwords, these may be 888888 or 111111, or 12345, or admin, or password, etc., these are there so you can access the system when installing it BEFORE YOU CHANGE YOUR PASSWORD.
To find the default password for a particular brand, you just have to search Google for default password for [your brand DVR] and there it is, in fact many sites list all default passwords as a service.
To avoid this and to protect yourself, add a password and write it down. Make sure it is a complex password so you can avoid the brute force attacks as well.
Remember though, when you change your password, you need to record it somewhere as sometimes if you forget, we may not be able to recover it for you, rendering your device inaccessible.
What to do if you have been hacked.
1. Reset the recorder back to factory defaults.
2. Install latest firmware for the particular model if available.
3. Make sure passwords are changed from factory defaults for both admin and any other account on the device.
4. If any cameras were connected but still black after doing this you need to adjust the brightness setting on the camera as it may be on zero level.
Also, ensure you do not use port forwarding on your modem and only use P2P remote access to view your cameras.
If your DVR/NVR is not capable of P2P, then we recommend you upgrade your recorder immediately.
Here is a video from an IT security company that discusses these issues, it is well worth the time to watch it.
Here are some relevant supplier links: