Security Bites Podcast: Hacking via security cameras

By CNET News.com Staff

Listen Now

In the movies, the bad guys somehow get the surveillance cameras to loop a static image. In real life, one researcher says it can be done using an Internet browser. The attack can then be used to access the internal corporate network.

Download mp3

Listen to more episodes of this podcast at the Security Bites podcast archive.

This week, CNET's Robert Vamosi talks with Adrian Pastor, a London-based security researcher who has demonstrated how to hack into a corporate network using a surveillance camera.

Security cameras are everywhere. Popping up on city street corners. Certainly they're on most major corporate campuses. And we've all seen films where the bad guys fool the sleepy, overworked security guard by playing a static image on a security monitor while thieves break into the safety deposit boxes.

But how practical is that? Recently a few security researchers have said it's pretty easy--if the camera streams its images over an IP address. In a paper titled "Owning Big Brother" (PDF), Pastor shows how code entered through an ordinary Web browser, a cross-site scripting attack, can manipulate or even replace the streaming video content with something else.

Pastor says hackers can use the camera as a stepping stone to attack the corporate or government network operating behind the camera.

Continue the discussion

Join us in the CNET News.com Lounge forum