Back to Blog

Stolen Camera Feeds and a Single Source of Truth

Mar 17, 2021
By Tony Bailey

Network-connected cameras help ensure safety and security by monitoring activity in schools, jails, hospitals, police stations, businesses, and industrial environments.  Cameras are also becoming more common in the home, monitoring doors, windows, family members and even pets, but if the video feeds from your cameras are observed by unauthorized personnel, there can be serious implications, including legal liabilities to your business. When outsiders can see sensitive locations like hospitals and schools, it doesn’t instill a lot of confidence in your cameras – with a potential negative impact on your reputation.

Several news outlets dubbed the most recent hack as the Verkada security breach. During this incident, hackers gained access to thousands of video feeds through administrator accounts using valid credentials found online. When unauthorized access to your cameras is achieved using exposed or stolen credentials, it can be difficult for your security tools to generate security alerts because the activity may look like normal camera use.

One victim of the incidents said, “As soon as we were notified of the breach, we proceeded to shut down the cameras in all our office locations to prevent further access”. That’s a wise approach. But did they shut down every single camera? Did they have the full context of all their cameras?  Did they know the location, the camera software version, and the name of the authorized owner that performs maintenance on these cameras? How could they be sure?

No level of investment in security tools provides 100% protection against your cameras being hijacked. The Verkada breach is evidence of this. While vigilance on who is accessing your camera feed is a priority, what’s more important is remediating an issue as fast as possible and understanding the implications of the response. Does unplugging your cameras that are monitoring your production environment or highest security area in a jail do more harm than good? That’s where knowing what your cameras are doing, where they’re located and the full context of their operation is so important.

Without a trusted inventory of all cameras, connected or not, remediation gets to be overly complicated.  This is because without a single source of truth, it can be difficult for you to have an accurate detail on cameras so you can remediate them quickly. What if there are rogue or unknown cameras running in your organization that were installed with good intentions but only one person is aware of their operation? That’s just one example of why you need a full context regarding your cameras to make sure your response does not end up harming your business operations.

Once you have a single source of truth, you need to be able to quickly dispatch authorized personnel to correct the camera. Armed with all the relevant information, you’ll know the device owner, and if the camera is in a critical such as an intensive care unit or a secure area at a jail, so you can prioritize and orchestrate the correct authorized response to the threat.

Nuvolo Connected Workplace enables a single source of truth for all your cameras – both on or off the network. It does this with a cloud-based inventory for all your assets, equipment, and devices. With Connected Workplace console, you’ll be able to confirm device inventory with a contextual view, including profile, business context, and device history.