Insecure Real-Time Video Protocols Allow Hollywood-Style Hacking
New research by Forescout Technologies shows that default settings in millions of network-connected video cameras could allow threat actors to carry out Hollywood-style attacks by replacing video streams with whatever they want.
Video feeds rely on the real-time transport protocol (RTP). While secure versions of this protocol have been developed, “these secure alternatives are not always available in IoT [Internet-of-things] devices, are almost never configured by default, and are many times not enabled by the end users, who generally do not have all the knowledge required to secure RTP sessions in the first place,” the report states. Over 4.6 million IP cameras may be vulnerable to the attack, which does require attackers to have a certain level of access to the network the cameras are connected to.