CCTV cameras made in China are installed in British offices, high streets, and even government buildings, and Panorama has examined security issues concerning the two leading companies. What is the ease of hacking them, and what does it represent for our security?
A man sits at his laptop in a darkened studio within London’s Broadcasting House and enters his password.
A hacker thousands of miles away is observing everything he types.
The BBC staffer then takes out his phone and enters the passcode. The hacker now has it as well.
A security weakness in the surveillance camera on the ceiling, made by the Chinese company Hikvision, makes it vulnerable to assault.
RELATED: Chinese Hackers Target Critical US Bases On Guam, According To Microsoft
“I own that device now, and I can do whatever I want with it,” the hacker claims. “I can turn it off… or I can use it to keep an eye on what is going on at the studio.”
Fortunately for the man being monitored, the hacker is cooperating with him. Panorama is conducting a series of tests to assess the security of select Chinese-made surveillance cameras.
Hikvision and Dahua are two of the world’s leading surveillance camera manufacturers.
Nobody knows how many of their vehicles are on the streets of the United Kingdom.
REALTED: Hackers Claim To Have Extensive Access To Western Digital Systems
Big Brother Watch, a privacy advocacy group, attempted to find out last year. It sent 4,510 Freedom of Information requests to public organisations in the UK between August 2021 and January 2022. Of the 1,289 people who replied, 806 said they used Hikvision or Dahua cameras. Hikvision is used by 227 councils and 15 police forces, and Dahua is used by 35 councils.
Panorama discovered Hikvision cameras outside the Department for International Trade, the Department of Health, the Health Security Agency, Defra, and an Army reserve center in central London on a single afternoon.
Security experts are concerned that the cameras might be deployed as a Trojan horse to damage computer networks, causing public unrest.
Prof Fraser Sampson, the UK’s surveillance camera commissioner, says that the country’s key infrastructure is vulnerable, including power supplies, transportation networks, and access to fresh food and water.
“All of those things rely heavily on remote surveillance,” he continues, “so if you have the ability to interfere with that, you can cause mayhem cheaply and remotely.”
“We have all seen the Italian Job in our youth, where you bring the entire city of Turin to a halt through the traffic light system,” says Charles Parton of the Royal United Services Institute (Rusi), a former ambassador who worked in Beijing. That might have been fiction back then, but it is not anymore.”
Hikvision told Panorama that it is a self-contained corporation that poses no threat to UK national security.
“Hikvision has never conducted, and will never conduct, any espionage-related activities for any government in the world,” the company stated, adding that its “products are subject to strict security requirements and are compliant with the applicable laws and regulations in the UK, as well as any other country and region in which we operate.”
Panorama collaborated with IPVM, a top authority on surveillance technology based in the United States, to see if it was possible to hack a Hikvision camera. The one placed in a BBC studio was supplied by IPVM.
RELATED: North Korean Hackers Are Attacking US Hospitals
Panorama was unable to run the camera on the BBC network due to security concerns, so it was placed on a test network with no firewall and insufficient protection.
Panorama tested camera contains a vulnerability found in 2017. Conor Healy, the director of IPVM, described this as “a back door that Hikvision built into its own products.”
Hikvision claims that the fault was not purposefully encoded into its devices, and that it released a software update to correct it nearly immediately after becoming aware of the problem. It goes on to say that Panorama’s test is not indicative of current gadgets. However, Conor Healy claims that more than 100,000 cameras online are still vulnerable to this problem.
Conor and IPVM’s research engineer John Scanlan are sitting behind laptops in their Pennsylvania offices as Panorama’s hacking attempt begins.
Hacking a computer system without authorization is a crime, thus Panorama is not going into great detail about how they do it.
Healy and Scanlan begin by locating the camera inside Broadcasting House and then proceed to breach its protection.
Then Healy multiplies the time it takes to grab control by two. Only 11 seconds later, Scanlan declares, “We now have access to that camera.”
They can now see inside the studio, including the Panorama employee who is working on his laptop.
RELATED: A Russian Hacker Is Accused Of A $200 Million Ransomware Spree
“If we zoom in close on the keyboard, we can clearly see the keys he is pressing to enter his password,” Scanlan explains.
“It is like a locksmith giving you a key to your house while secretly creating a master key for all of the locks in that neighborhood… that is effectively what Hikvision engineers did.”
Panorama exposes China’s global monitoring apparatus, from spy balloons to secret police posts and dissidents on the run. We expose new information about Beijing’s spy balloon fleet and hack a Chinese-made security camera to demonstrate how similar gadgets that line our streets might be abused.
Hikvision claims that their “products do not have a ‘backdoor,'” and that this issue was not intentionally encoded into them. It goes on to say that it expects nearly all of the municipal governments that use its devices would have updated their cameras long before now.
The hackers then launch their second test, compromising the software that controls Dahua’s cameras.
In IPVM’s headquarters, two test cameras have been installed. If the hackers succeed, they may be able to take control of a complete network of surveillance cameras.
They quickly discover the program flaw. “There we go, we are in,” Healy exclaims.
They can utilize a camera to eavesdrop now that they are inside the system.
“What a lot of people do not realize about these cameras is that the vast majority of them have microphones,” Healy notes, and while users frequently turn them off, hackers may easily turn them back on – effectively “wiretapping” the room.
Dahua claims that when the vulnerability was discovered late last year, it “immediately conducted a comprehensive investigation” and rapidly rectified the problem through “firmware updates.”
The company also claims that it is not funded by the government and that its equipment would not interfere with the UK’s key infrastructure. “These allegations are false and paint a highly misleading picture of Dahua Technology and its products,” it continues.
Experts, however, believe the UK must do more to safeguard itself from what Prof Sampson, the surveillance camera commissioner, refers to as “digital asbestos.”
“A previous generation installed this equipment, largely because it was cheap and got the job done,” he explains. “Now that we have realized it has some serious and inherent risks, what do we do?”
When asked if he trusts Hikvision and Dahua, he says, “Not one bit.”
Download The Radiant App To Start Watching!
Web: Watch Now
LGTV™: Download
ROKU™: Download
XBox™: Download
Samsung TV™: Download
Amazon Fire TV™: Download
Android TV™: Download