Dr. Peter Kim, Global Technical Consultant, IDIS America explains why, when it comes to cyber, it’s time to take a deeper look at deepfakes.
Although video surveillance systems account for a small portion of cyber risks, end points, transmission and storage are becoming an ever more attractive target for hackers.
Estimates put the number of connected devices – including cameras and related video surveillance devices – at roughly 20 billion. And, the reality is that many of those devices lack cybersecurity measures in place, thereby creating vulnerabilities in networks and leaving them very susceptible to malware.
When left unsecured, connected devices such as network cameras inevitably increase the attack surface. The sheer volume of devices that have been added to organisational networks – often without the involvement of IT departments – has undoubtedly increased concerns and vigilance.
IT departments are now taking a far more proactive approach to evaluating policies, hardening devices and becoming more aware of surveillance devices and their potential weaknesses as the frequency and sophistication of attacks continues to rise.
And although video surveillance systems are not an end in themselves, they are, from a hacker’s perspective, an access point that can potentially get them into a network. Hackers are very shrewd in using tactics to pester, disrupt, cost money and generally undermine day-to-day business operations.
Hardened devices and software, monitoring and updating response polices are crucial, but users also need the assurance that if their video system is compromised, they can trust it’s not just about leaked video, but about video integrity.
Any challenge to the integrity of video evidence, if not countered, risks undermining the value of an entire video solution. This is particularly true in applications where investigating and prosecuting wrongdoing is a key function of the system. So, it’s vital that users can demonstrate beyond doubt that their footage has not been tampered with in any way.
Unfortunately, rapid advances in video manipulation techniques have given way to a growing emergence of deepfakes and spoofing, putting increased pressure on both video surveillance systems users and on prosecutors to demonstrate the integrity of footage.
Deepfakes are a synthetic tool in which a person in an existing image or video is replaced with someone else’s likeness. While the act of faking content is not new, deepfakes leverage powerful techniques from machine learning and artificial intelligence to manipulate or generate incredibly realistic visual and audio content with a high potential to deceive. It’s not a coincidence that the term deepfake blends the two words: Deep and fake – because it truly is a combination of machine or deep learning with something that isn’t real.
So, it’s important for video surveillance system users to ask, ‘how do we know if our video footage is legitimate and if it came from the right video source?’ And, ‘what if our surveillance system is compromised and it’s been recording video streams from a spoofing attack?’ Watermarking or chain of custody won’t solve this potentially dangerous risk, especially considering the development of techniques and deepfake tech available.
But, there needs to be a mechanism in place to ensure that what users are seeing, recording and using as evidence is coming from legitimate video sources and recorded on legitimate video recorders.
Every organisation and every citizen of a democracy should be concerned about deepfakes. If not mitigated, deepfakes have the potential to compromise video credibility as evidence and, therefore, also its value as a deterrent. The effect of deepfakes is also feeding through into the legal system. In courts, we are increasingly likely to see defence teams challenging the veracity of video evidence and calling into question the chain of custody of recorded footage as they seek to cast doubt on its chronology and authenticity.
We’ve come to rely on video evidence and it has played a pivotal role in countless successful prosecutions and been prominent in hugely important investigations. Many cases rely heavily on video from surveillance systems as well as mobile phones, body-worn cameras and dashcams. In some situations, the video reinforces the prosecution’s case, while in others, it exonerates an innocent party.
And there’s yet another new and very serious threat for surveillance users to consider. Malicious actors can weaponise an organisation’s own recorded footage against them. Every interaction and incident recorded by a video security camera on a site can now easily be altered if the integrity of that footage is not protected with the right technology and falls into the wrong hands.
Recent examples include faked footage from purported security cameras, drones and smartphones of the war in Ukraine shared predominantly on TikTok, which are often picked up by disreputable or uninformed online news outlets as legitimate video.
Aware of the threat, respected TV channels are careful to state they are unable to verify the authenticity of some of the footage they report. Given their budgets and experience in broadcast video, the growing proliferation of deepfakes make them an even more worrying trend that needs to be addressed and tackled.
Deepfake defence tactics
Today, most reputable manufacturers and their systems integrators understand the need for secure access, transmission and recorded data. There’s also more awareness that, during implementation, engineers need to harden devices.
Many manufacturers have published guides. However, hardening guides can widely vary in depth and breadth, while many are not updated to reflect new vulnerabilities and threats, so it’s important that systems integrators do their own due diligence.
The same is true once systems are installed – they can’t just be forgotten about. As new threats emerge and hackers become more sophisticated, it’s important that both manufacturers and their integration partners work together to provide software and firmware updates so that customers are not left vulnerable to new attacks.
For larger projects that use a mix and match approach to cameras, servers, VMS and analytics coming from multiple vendors with varying degrees of counter measures for potential cyber-attacks, it is very difficult to provide ironclad cybersecurity in this approach.
Engineers need to be cyber savvy across a wide range of systems and applications. And, while under pressure to complete a project on time and on budget, without networking knowledge and expertise across multiple systems, engineers leave behind vulnerable devices and access and transmission cyber loopholes for hackers to exploit.
That’s why end-to-end systems that use certificate-based mutual authentication and proprietary protocols are one of the safest surveillance tech options to ensure cybersecurity. For example, this means there is a guarantee that the video feed is coming from an IP camera paired with an NVR. It’s cybersecurity working behind the scenes, without human interaction, once again taking the human factor out of the cybersecurity equation.
It’s about making sure the video source is protected and authenticated with NVRs before anything is recorded and ensuring network cameras are sending video to the authenticated recorder – and not to anything or anyone else. So, users need to be sure that the video stream they are receiving, potentially from the other side of the globe thanks to the IP technology, is a legitimate one.
Certificate-based mutual authentication eliminates this issue as there’s no login credentials to manage. Engineers and users only need to protect the login credential of each NVR with two-factor authentication, which if you’re using 16 through 64-ch NVR, means a lot less complexity.
Deepfakes and spoofing can do deep damage – beware of them before they can do harm.
To find out more information about IDIS, visit: https://www.idisglobal.com/
This article was originally published in the July edition of International Security Journal. To read your FREE digital copy, click here.