15 thousand CCTV cameras in Moscow city are available in Shodan; hackers will create their own facial recognition system with them

A recent report mentions that there are more than 15,000 cameras in Moscow potentially exposed to security flaws, all located in banks, shopping malls, houses, public spaces, among other places. Threat actors can use tools like Shodan to find vulnerable devices and even extract large amounts of sensitive data.

Moscow authorities mention that the number of surveillance cameras used in the city has increased to 170,000 devices. The security report from mentions that cybercriminals have created an alternative facial recognition system, requiring some 15,000 private cameras to be compromised using the popular analysis tool.

Experts say it is possible to use Shodan to search for servers, surveillance cameras, printers, routers and many other Internet-connected devices, especially those that do not have the necessary security measures.

“There must be about 2 million private cameras in Moscow,” says researcher Oleg Bakhtadze-Karnaukhov. As reported, about 15 thousand of these devices (0.8%) could be attacked; threat actors could compromise these devices easily, as it is non-complicated to exploit the flaws that reside in this kind of technology.

The facial recognition system that hackers plan cannot be created with the help of cameras connected to the city’s surveillance systems, as the Moscow Department of Information Technology (DIT) maintains rigorous monitoring on these systems. The problem this investigation poses is that the city does not have a contingency plan in case of a massive attack on the thousands of private cameras that exist in Moscow, which makes these devices an ideal attack vector for hackers.

Specialists from information security firms believe that the possibility of creating this illegal system is completely real, even though it sounds like a plan out of some sci-fi movie. On the other hand, if hackers want to sell data about a person’s movements, it is easier for them to fall victim to extortion attempts.

On how to prevent these attacks, experts recommend resorting to the most essential security measures, such as changing default passwords on IoT devices, performing periodic firmware updates, and, if possible, not connecting these computers to public networks. Hackers will remain active, so it is important that private camera users follow these recommendations.

Originally published at https://www.securitynewspaper.com on October 30, 2020.

Knowledge belongs to the world