Dangerous access to video cameras

The police and the institute VdS have been warning for years about the often easy vulnerability of insecure cloud solutions - even for components used in the security sector. The most recent example is video camera components from one of the world's largest manufacturers in eastern China. Hacking attempts by Vienna-based IT security consultants SEC Consult uncovered rapid access possibilities for nine million cameras in use, including 1.3 million in Germany, VdS points out. Program manipulation was also easily possible, it said.

According to VdS, it is particularly problematic that although the components are used by more than a hundred end manufacturers, they are usually not identified anywhere. Incidentally, the Botnet "Mirai (perpetrators caught and convicted), which crippled large parts of the Internet including Twitter, Spotify, and Netflix in 2016, derived its attack strength in large part from hacked components from the eastern Chinese manufacturer.

Problematic remote access

Sebastian Brose from VdS explains: "Optimizations have mostly not been made since then. Many institutions around the world that are highly interesting for criminals use the vulnerable components. Hackers not only see everything that happens there quickly and easily, but can also use the gap to get into other systems used on site and misuse them as attack tools. Users of VdS-approved systems don't have such problems - after all, we check for precisely such flaws."

The problem often arises because remote access is made possible via an app. Developers can find help for secure implementation in the VdS 3169 guidelines, as the institute concludes.