As fighting continues in the south, the National Cyber Directorate has issued instructions to citizens to thoroughly check the security of their network cameras, change passwords, and if needed even shut them down to prevent their being hacked by hostile parties.
The Directorate stated that network cameras are a weak point as many of them do not contain secured access mechanisms and are very easily penetrated. This includes not only home-based cameras but also those used by businesses, organizations, and even governmental bodies.
According to the Directorate, although no such penetration has been identified during the fighting in the south so far, “we’ve seen this pattern in previous operations and this is therefore a possible and very likely scenario. It is not surprise: hackers from Iran or hostile countries have already shown how they penetrate the cameras of companies, even defense companies. Furthermore, penetrating a camera has served in the past as a means to spread documentation of an attack like the explosion at the Jerusalem bus stop by Hamas a few years ago.”
They also said that “the main fear is that penetration of security cameras can serve the enemy in collecting intelligence and spying. For instance, a camera observing sensitive areas like roads, junctions, public or defense installations can easily become a means of surveillance for hackers who take them over. It’s not hard to find a network camera. There are search engines which know how to map out the administrative interfaces of cameras, allowing internet access to their owner’s remote access.”
The Directorate ended their statement with a number of instructions and recommendations to tighten control of security cameras, recommending that anyone using such means check their equipment:
- It is highly recommended that any camera you owned not be accessible online.
- If the camera cannot be entirely cut off from the internet, it is highly recommended that access to it be limited to specific, recognized addresses, or that you use a VPN service with encryption and appropriately strong identification requirements.
- It is highly recommended to change the default password in the cameras into a password that is long, complex, hard to guess.
- It is highly recommended to periodically confirm the examination and installation of all relevant security updates by the camera’s manufacturer.
- It is highly recommended to examine the area observed by the cameras, and if a sensitive installation is within view, to change the direction of the camera such that the installation is no longer visible.