Demystifying the latest cybersecurity tech and terms in IP-based cameras

While cybersecurity is everyone’s responsibility, it begins with a ‘cybersecurity by design’ approach during the development of the technology and carries through to manufacturing and distribution. For network cameras it’s critically important to ensure hackers don’t get access to a company’s valuable information via any weakness in the security system.  Depending on the device and what’s inside, it may be vulnerable by default. This is one of the biggest differences between professional security cameras and the cheap systems that can be purchased from discount retailers.

For organizations seeking to install a low-cost solution, it might solve a need initially, but the product might not receive support or updates and patches for vulnerabilities going forward. Hacking techniques evolve as vulnerabilities are uncovered over time so it’s critical that a manufacturer evolves its firmware and updates it regularly to keep one step ahead. Hanwha Techwin focused on cybersecurity in its latest Wisenet 7 SoC (system on chip). Some of the technology used to harden the latest cameras may be unfamiliar to users, so this post seeks to provide a high-level overview of these various technologies and associated terms.

Under the statute, correctional facilities can use video surveillance to help support violence reduction in a variety of ways. This can include using cameras to cover blind spots that are created by line-of-sight issues arising from a facility’s design. It can also be used to help meet the staffing requirements mandated by the statute. Instead of hiring more staff, a facility can use a video surveillance system to demonstrate compliance. This is an important consideration since, under the statute, facilities must develop and document staffing plans to adequately protect inmates.

Technologies and terms for cybersecure IP cameras

Secure Boot Verification

Secure Boot provides an extra layer of security by isolating different elements of a camera’s operating system from the network. When a camera is booted up, it verifies encrypted signatures in the boot image in its secure operating system and then runs Linux on top of that for the network interface. This separates Linux (user access) from the chipset and decryption keys. The system will complete a full boot before communicating with any other part of the system and this also prevents an interruption to the boot process which could be exploited by a hacker.

Secure OS

Using a separate operating system (OS) for encryption and decryption, as well as for verifying that apps have not been modified, reduces the workload of a camera’s main OS. A separate Linux based API is needed to access a Secure OS and without this, there is no way to make any changes to the camera from the outside.

Secure JTAG

JTAG ports are hardware interfaces which are used to program, test and debug devices. They can be compromised by hackers to gain low level control of a device and perhaps replace firmware with a malicious version. This can be prevented by securing the JTAG port via a key-based authentication mechanism to which only authorized personnel working for the manufacturer have access. JTAG comes from Joint Test Action Group who created the standard for verifying and testing printed circuit boards and chips.

Secure UART (Universal Asynchronous Receiver-Transmitter)

UART ports are serial interfaces typically used for debugging cameras. They allow administrator access to a camera and are therefore a target for hackers attempting to access sensitive information such as password keys. Hackers could also potentially access a camera’s firmware in order to reverse engineer it, upload a non-authorized version, or examine it for vulnerabilities in the device’s communications protocols. Enforcing restricted and secure access to the UART port allows the debugging process to be safely completed, without opening the door to cyber criminals.

OTP ROM (One Time Program Read Only Memory)

One of the most important aspects of cybersecurity is to verify that anyone accessing the camera is who they say they are. This feature burns certain unique pieces of information like decryption keys into the chip during manufacturing that cannot be reprogrammed. When firmware is installed and a certificate is verified, it references these keys to guarantee the data comes from a trusted source. This is a critical element of the Trusted Platform Module (TPM) that separates the end-user side of the camera application from the network (Linux). OTP protects the integrity of encryption keys which are used to validate the stages in a secure bootup sequence and allows access to the camera application. A manufacturer that’s not building its own chip typically doesn’t have this capability.

Anti-Hardware Clone

Anti-hardware clone functionality prevents a chipset from being cloned. In addition to protecting intellectual property, this ensures that a chipset with a manufacturer’s label is a genuine copy and removes the risk of a cloned device which may contain malicious software being used to steal sensitive data such as passwords.

Crypto Acceleration

Crypto acceleration in the context of a camera chipset means providing for complex mathematical functions for encryption and decryption. Because this is a very intensive operation, it can require a chipset to use a large proportion of its resources. Equipping chipsets with a dedicated ‘engine’ for this purpose ensures that encryption/decryption is efficiently carried out, without impacting other camera functionality.

Video & API Encryption

Between the location of a camera and where the images it captures are remotely viewed, recorded and stored, there is always the possibility that a cybercriminal could hack into the network and gain access to what may be confidential video and data. Encryption can be used prior to transmission of the video and other network communications so that it cannot be viewed by anyone maliciously hacking into the network.

Raising the bar on cybersecurity

I hope these brief definitions have added to your understanding of the various technologies that can be used to protect network IP cameras from exploitation. When deploying IP cameras, it’s important to consider a manufacturer’s dedication to cybersecurity and be armed with a basic knowledge of what is required to successfully protect devices. Manufacturers should use independent testing agencies (whitehat hackers) to help identify vulnerabilities.

Hanwha Techwin has always put a priority on cybersecurity and the latest Wisenet 7 chip has again raised the bar for the security industry. The Wisenet 7 SoC received UL CAP (Cybersecurity Assurance Program) certification in only 3 months (it typically takes 8 to 10 months for most companies) thanks to our well-established software development process already in place and our dedicated in-house cybersecurity department.

If you like it, share it.

About Hanwha Techwin America

Hanwha Techwin America is a subsidiary of Hanwha Corporation, a South Korea-based company. Hanwha Techwin is a leading global supplier of solutions for IP and analog video surveillance. Building on the company’s history of innovation, Hanwha Techwin America is dedicated to providing solutions with the highest levels of performance, reliability and cost-efficiency for professional security applications.

Hanwha Techwin's Top 5 Video Trends Thumb

Hanwha Techwin’s Top 5 Video Surveillance Trends for 2022

Are you looking for direction on the newest technology trends that will shape security and surveillance this year? Maybe you’re wondering which types of products your customers will ask about...

/ Hanwha Techwin America

Building a sustainable future

It may not be easy being green but it certainly is worth the effort. Hanwha Techwin actively supports environmentally conscious initiatives across its business ecosystem, from manufacturing, production and use…

/ Hanwha Techwin America

Video Surveillance Cameras Protect More Than Staff at Correctional Facilities

In the corrections space, inmate protection has become a priority for governments and legislative bodies. Where video surveillance was once used primarily to protect staff, today it is used to…

/ Rick Holmes

Protecting Against Risk Through Cybersecurity Awareness

We’ve all read or heard about incidents of cyber crime targeting government and commercial entities to compromise services or harvest information. As you can image, financial institutions are a primary…

/ David Uberig

Putting PoE to New Uses

There’s a new technology available for security professionals, and it’s been on the market for almost two decades. Power over Ethernet (PoE) technology is widely used across diverse security and…

/ Aaron Saks

Oil & Gas Companies Are Refueling Innovation and Lowering Costs with Video Surveillance

When the COVID-19 pandemic hit, people stopped driving to work and travelling to visit friends and family. If you’re a commuter or frequent flyer, you could see the upsides: time…

/ Michael Shipley

Total cybersecurity — built-in from the ground up

Security is on everyone’s minds – whether it’s protecting our personal identities online, safeguarding confidential business communications or complying with regulations governing manufacturing partnerships. Security is also our business and…

/ Aaron Saks

Hospitals rethink surveillance to improve operational efficiency

The national spotlight currently on our healthcare system is a constant reminder of the vital service it provides to individuals and communities. Even before the appearance of COVID-19, hospitals and…

/ Chris Lennon

Pandemic’s effect on retail: Change is here to stay

“Contactless delivery,” “social distancing” and “shelter-in-place.” A new vocabulary is just one of the COVID pandemic’s many effects on daily life. Retailers are also adapting to new rules for conducting…

/ Jordan Rivchun

Wisenet 7: Excellence Through Innovation

When we started designing our Wisenet 7 System on a Chip (SoC) we went beyond simply focusing on what it could do in terms of features and performance. We thought…

/ Aaron Saks