Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Over the decades, satellites have emerged DronesAnd the human observers were all part of the war monitoring and survey toolkit. However, in the age of cheap, insecure, internet-connected consumer devices, militaries have gained another powerful set of eyes on the ground: all Hackable security camera They were installed outside a home or on a city street, aiming them at potential targets for bombing.
On Wednesday, Tel Aviv-based security firm Check Point issued a New search Describes hundreds of hacking attempts targeting consumer security cameras around the world The Middle East– with many of them apparently timed Recent missile and drone attacks by Iran On targets that included Israel, Qatar and Cyprus. These camera hijacking efforts, some of which Check Point attributed to a hacking group formerly linked to Iranian intelligence, suggest that the Iranian military attempted to use civilian surveillance cameras as a means of identifying targets, planning strikes, or assessing damage from its attacks while retaliating for the attack. American and Israeli bombing Which sparked a large-scale war in the region.
Iran will not be the first to adopt the tactic of monitoring camera hacking. Earlier this week, The Financial Times reported The Israeli army gained access to “almost all” of the traffic cameras in the Iranian capital, Tehran, and used them, in partnership with the CIA, to target the airstrike that killed Ayatollah Ali Khamenei, Iran’s supreme leader. In Ukraine, the country’s officials have warned about this for years Russia hacked consumer surveillance cameras To target strikes and spy on troop movements, while Ukrainian hackers did so Hijacked Russian cameras To monitor Russian forces and perhaps even Monitor her special attacks.
In other words, exploiting the insecurity of networked civilian cameras has become part of standard operating procedure for armed forces around the world: a relatively cheap and accessible way to acquire a target hundreds of thousands of miles away. “Camera hacking is now part of the rule of the game in military activity,” says Sergey Shekevich, who leads threat intelligence research at Check Point. “You can get a direct view without using any expensive military means like satellites, and often with better resolution.”
“For any attacker planning a military activity, it’s now easier to try, because it’s easy and provides very good value for your efforts,” Shekevich adds.
In the latest example of this reconnaissance technique, Check Point found that hackers attempted to exploit five distinct vulnerabilities in Hikvision and Dahua security cameras that would have allowed them to be taken over. Shikevich describes dozens of attempts — which Check Point says it has blocked — across Bahrain, Cyprus, Kuwait, Lebanon, Qatar and the United Arab Emirates, as well as hundreds more in Israel itself. Check Point notes that it can only see intrusion attempts on networks equipped with its firewall network devices, and that its findings are likely skewed by the company’s relatively larger customer base in Israel.
None of the five vulnerabilities are “complicated or complex,” Shekevitch says. They’ve all been patched in previous software updates from Hikvision and Dahua and were discovered years ago — one as early as 2017. But as is the case with hackable bugs in many IoT devices, they persist in security cameras because owners rarely install updates or even realize they’re available. (Both Hikvision and Dahua have been effectively banned In the United States due to security concerns; Neither company responded to WIRED’s request for comment on the hacking campaign.)
Check Point found that attempts to hack the cameras were largely pinpointed to February 28 and March 1, just as the United States and Israel began their air strikes through Iran. There were also some attempts to seize the cameras in mid-January, as protests spread across Iran, and the United States and Israel prepared for attacks. Check Point says it has linked the targeting of the cameras to three different groups that it believes are Iranian in origin, based on the servers and VPNs they used to carry out the campaign. Shikevich notes that some of these servers have previously been linked in particular to the Iranian hacker group known as Hanzala, which several cybersecurity firms have identified as acting on behalf of Iran’s Ministry of Intelligence and Security.