Demystifying the latest cybersecurity tech and terms in IP-based cameras
Hanwah Techwin by Aaron Saks
While cybersecurity is everyone’s responsibility, it begins with a ‘cybersecurity by design’ approach during the development of the technology and carries through to manufacturing and distribution. For network cameras it’s critically important to ensure hackers don’t get access to a company’s valuable information via any weakness in the security system. Depending on the device and what’s inside, it may be vulnerable by default. This is one of the biggest differences between professional security cameras and the cheap systems that can be purchased from discount retailers.
For organizations seeking to install a low-cost solution, it might solve a need initially, but the product might not receive support or updates and patches for vulnerabilities going forward. Hacking techniques evolve as vulnerabilities are uncovered over time so it’s critical that a manufacturer evolves its firmware and updates it regularly to keep one step ahead. Hanwha Techwin focused on cybersecurity in its latest Wisenet 7 SoC (system on chip). Some of the technology used to harden the latest cameras may be unfamiliar to users, so this post seeks to provide a high-level overview of these various technologies and associated terms.
Technologies and terms for cybersecure IP cameras
Secure Boot Verification
Secure Boot provides an extra layer of security by isolating different elements of a camera’s operating system from the network. When a camera is booted up, it verifies encrypted signatures in the boot image in its secure operating system and then runs Linux on top of that for the network interface. This separates Linux (user access) from the chipset and decryption keys. The system will complete a full boot before communicating with any other part of the system and this also prevents an interruption to the boot process which could be exploited by a hacker.
Using a separate operating system (OS) for encryption and decryption, as well as for verifying that apps have not been modified, reduces the workload of a camera’s main OS. A separate Linux based API is needed to access a Secure OS and without this, there is no way to make any changes to the camera from the outside.
JTAG ports are hardware interfaces which are used to program, test and debug devices. They can be compromised by hackers to gain low level control of a device and perhaps replace firmware with a malicious version. This can be prevented by securing the JTAG port via a key-based authentication mechanism to which only authorized personnel working for the manufacturer have access. JTAG comes from Joint Test Action Group who created the standard for verifying and testing printed circuit boards and chips.
Secure UART (Universal Asynchronous Receiver-Transmitter)
UART ports are serial interfaces typically used for debugging cameras. They allow administrator access to a camera and are therefore a target for hackers attempting to access sensitive information such as password keys. Hackers could also potentially access a camera’s firmware in order to reverse engineer it, upload a non-authorized version, or examine it for vulnerabilities in the device’s communications protocols. Enforcing restricted and secure access to the UART port allows the debugging process to be safely completed, without opening the door to cyber criminals.
OTP ROM (One Time Program Read Only Memory)
One of the most important aspects of cybersecurity is to verify that anyone accessing the camera is who they say they are. This feature burns certain unique pieces of information like decryption keys into the chip during manufacturing that cannot be reprogrammed. When firmware is installed and a certificate is verified, it references these keys to guarantee the data comes from a trusted source. This is a critical element of the Trusted Platform Module (TPM) that separates the end-user side of the camera application from the network (Linux). OTP protects the integrity of encryption keys which are used to validate the stages in a secure bootup sequence and allows access to the camera application. A manufacturer that’s not building its own chip typically doesn’t have this capability.
Anti-hardware clone functionality prevents a chipset from being cloned. In addition to protecting intellectual property, this ensures that a chipset with a manufacturer’s label is a genuine copy and removes the risk of a cloned device which may contain malicious software being used to steal sensitive data such as passwords.
Crypto acceleration in the context of a camera chipset means providing for complex mathematical functions for encryption and decryption. Because this is a very intensive operation, it can require a chipset to use a large proportion of its resources. Equipping chipsets with a dedicated ‘engine’ for this purpose ensures that encryption/decryption is efficiently carried out, without impacting other camera functionality.
Video & API Encryption
Between the location of a camera and where the images it captures are remotely viewed, recorded and stored, there is always the possibility that a cybercriminal could hack into the network and gain access to what may be confidential video and data. Encryption can be used prior to transmission of the video and other network communications so that it cannot be viewed by anyone maliciously hacking into the network.
Raising the bar on cybersecurity
I hope these brief definitions have added to your understanding of the various technologies that can be used to protect network IP cameras from exploitation. When deploying IP cameras, it’s important to consider a manufacturer’s dedication to cybersecurity and be armed with a basic knowledge of what is required to successfully protect devices. Manufacturers should use independent testing agencies (whitehat hackers) to help identify vulnerabilities.
Hanwha Techwin has always put a priority on cybersecurity and the latest Wisenet 7 chip has again raised the bar for the security industry. The Wisenet 7 SoC received UL CAP (Cybersecurity Assurance Program) certification in only 3 months (it typically takes 8 to 10 months for most companies) thanks to our well-established software development process already in place and our dedicated in-house cybersecurity department.