- Technology

Towards Mitigating The CCTV Surveillance System Vulnerabilities

The closed-circuit TV or the CCTV and the IP-camera video surveillance system have become inevitable and indispensable in the contemporary period for the business houses, government and non-government organization as well as the public individual users. The basic purpose of their installing CCTV surveillance is to ensure cyber security concernsas well as physical security, to increase personal safety and eventually resist crime. However, the CCTV surveillance has over the period become complex due to various communication means, non-trivial firmware and embedded hardware.

Most researches and systematic studies regarding the vulnerabilities of CCTV surveillance systems normally focus more on private issues instead of addressing the issues of cyber-security effectively and more vigorously particularly when it comes to imagery semantics or visual layer attacks. A compromised and insecure CCTV surveillance system can be potential risks for various factors like endangering the safety and security of the jail, numerous kinds of financial and non-financial data-related thefts particularly of banks and casinos, or interference with law and order and the police etc.

Going beyond the privacy issues on CCTV surveillance vulnerabilities, systematic research and studies should focus on several aspects like the cyber-attack surfaces, the type of attacks, the types of attackers and their purposes, types of directly attacked organisations and businesses, the complexity of exploitations, how to mitigate the threats etc.

The imagery semantics or the visual layer attack is one of the devastating harm caused by the attackers to the video surveillance systems. These attacks are done in a multistage level like at the first stage the CCTV surveillance gets affected by malicious software and firmware, at the second stage the malicious component gets triggered through malicious imagery inputs etc. These attacks can forcefully use camera sensitivity to near-infra-red or infra-red spectrum for sending invisible information. In addition to this, these attacks can also use techniques like “VisiSploit”provided such channel is used to inject commands and data instead of exfiltrate data.

A possible solution to imagery semantics or visual layer attacks may be tainting of video frames. The control and data flow exploration can detect suspicious code that attempts to process video frames like converting communication channel, blur or send them over standard etc. Alternatively, if these kinds of attackswould be implemented in the hardware can be a magnificent and most authentic solution. However, this solution would be very challenging to implement particularly in the runtime but can be performed during the product certification and compliance tests.