Andrei Costin is a Computer Science graduate of the Politehnica University of Bucharest where he did his thesis work in Biometrics and Image Processing. While starting out his IT-career in the Computer Games industry, he has worked in the Telecom field and also was a senior developer at a specialized firm programming various GSM/UMTS/GPS sub-systems. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publically available (FOSS) card-only key cracking tool for the MiFare Classic RFID card family and is known as the "printer guy" for his "Hacking MFPs" and "Hacking PostScript" series of hacks & talks at various international conferences. Lately he was spotted security-harassing airplanes with ADS-B hacks, though no planes were harmed during the experiments. He is passionate about security in a holistic fashion. Currently he is a PhD candidate with EURECOM in field of "Security of embedded devices".
[Abstract] Video surveillance, along with CCTVs (Closed Circuit TV) and VRs/NVRs (Digital/Network Video Recorders) at its heart, has become over time an important, omnipresent, ubiquitous and sometimes feared technology. Its initial purpose is to provide increased physical security and safety, while at the same time trying not to compromise on privacy. This kind of technology was massively deployed worldwide in the last 10 years or so, which lead to creation of nearly a "gazillion" products and vendors. In that respect it deserves for good reasons Schneider's term of "wholesale surveillance".
As many times have been previously proven with similar devices like Wi-Fi/adsl routers/modems, these kinds of embedded systems are far from being secure and it looks like the state of affair didn't improve on security much, quite the opposite. On top, the "gazillion" of products and vendors and their market and price competition always tend to compromise on quality and by side effect on security. It is clear that many categories of embedded devices, among them very important being the video surveillance systems (CCTVs, DVRs, NVRs), are still vulnerable to many primitive attacks thus posing a security threat to the internal networks where these are used.
However, an additional highly important implication of video surveillance exploitation is complete loss of privacy due to directly person-identifiable information leaking. Both implications lead to complete loss of trust (and potentially safety as well), thus defeating the primary goal of these systems. This research summarizes the security aspects of video surveillance systems/CCTVs/DVRs/NVRs as well as introduces and presents new insights and techniques applicable to this vast embedded devices population. If you ever have been intrigued by video surveillance and it's (in)security and whether someone is watching you, you don't want to miss this talk!