The last couple of weeks have shown how vulnerable our connected world can be. Reports of a new wave of Distributed Denial of Service (DDoS) attacks at a scale beyond what has been seen before are attracting worldwide headlines. With traffic floods now reaching the terabyte scale, only those with global resources and deep pockets can withstand such an onslaught.
“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second.”
KrebsOnSecurity Hit with Record DDoS – KrebsOnSecurity – September 21st 2016
Powering this new wave of cyber weaponry is the Internet of Things (IoT). A nascent breed of devices taking their steps into the world at a time where the value of something is dramatically amplified by its integration into the network. Unfortunately this rapid push to connect everything has not always been balanced with the rapid push to secure the underlying technology architecture.
“That cyberattack was powered by something the internet had never seen before: an army made of more than one million hacked Internet of Things devices.”
How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet Motherboard – September 29th 2016
One of the unwilling device types in these recent attacks are IP enabled security cameras. These cameras and recording systems are typically well connected and remotely accessed. When this is combined with poorly implemented web interfaces, default passwords, and a lack of cyber security oversight, systems are effectively waiting to be exploited.
“Attackers used an army of hijacked security cameras and video recorders to launch several massive internet attacks last week, prompting fresh concern about the vulnerability of millions of “smart” devices”
Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks The Wall Street Journal – September 30th 2016
The Meraki MV Security Camera delivers on the promise of simple connected devices without security compromise. At the heart of MV is the same core software powering other Meraki devices like wireless access points and security appliances. This code has been honed over the last 10 years, battle tested in the most demanding of locations, and it provides the most secure control infrastructure of any security camera available.
All MV management traffic and video transport is encrypted by default: it’s not even possible to configure MV to operate without encrypted communications. Administrative access to the cameras is only available through the Meraki dashboard, an interface that can be secured with advanced technologies such as two factor authentication.
Beyond the individual devices, the Meraki infrastructure is housed in SSAE16 / SAS70 Type II certified data centres, undergoes daily penetration testing, and is covered by our security rewards program. These policies and processes allow us to meet the most rigorous of customer requirements, including the need to be PCI compliant.
The initial savings of a low cost or consumer grade security camera system may prove expensive later on. If it is trivial for cameras to be used to attack legitimate businesses and other organisations, how much extra effort would it take for someone to start snooping through those same cameras?
With the advent of National Cyber Security Awareness Month, the MV team will be posting more information on MV’s security architecture to highlight our commitment to a safe world of connected devices. Until then, for further information please contact us to find out more.