Cyber security

25

The proliferation of Internet of Things (IoT) devices has led to unprecedented levels of convenience and connectivity, but it has also brought significant cybersecurity challenges. One of the most common security risks associated with IoT devices is default passwords, which can make them vulnerable to a wide range of attacks and exploits. CCTV cameras, in particular, are highly susceptible to security breaches due to default passwords. This study aims to identify the risks associated with default passwords in CCTV cameras and explore how these risks can be mitigated. To achieve this, a qualitative research using a case study approach was conducted. The data was collected through interviews with security experts, manufacturers, and users of CCTV cameras, and analyzed using thematic analysis. The study identified the common vulnerabilities and security risks associated with default passwords in CCTV cameras, current password policies and authentication protocols used in CCTV cameras, and the best practices for mitigating the risks associated with default passwords in CCTV cameras. The findings of this study have several implications for the field of IoT security, providing a comprehensive understanding of the risks associated with default passwords in IoT devices, identifying the best practices for mitigating these risks, and contributing to the broader discourse on IoT security. Ultimately, this study seeks to enhance the safety and privacy of individuals and organizations who use IoT devices and promote the responsible and ethical use of technology.

Keywords: (IoT security, Default passwords, CCTV cameras, Vulnerabilities Authentication protocols, Password policies)

The emergence of Internet of Things (IoT) devices has brought about a significant transformation in our daily lives, work, and technology interaction. With IoT devices ranging from smart homes, wearable gadgets, industrial control systems, and medical devices, we have witnessed a remarkable level of convenience, efficiency, and interconnectivity. These devices have enabled us to perform tasks effortlessly and stay connected with the world around us like never before. The proliferation of IoT devices has revolutionized the way we live, work, and interact with technology, making our lives more comfortable, productive, and enjoyable.

1.1. Background of the study: ( Add more information)

The rapid growth of Internet of Things (IoT) devices has brought about a significant transformation in our daily lives, work, and technology interaction. IoT devices, ranging from smart homes, wearable gadgets, industrial control systems, to medical devices, have revolutionized the way we interact with technology. These devices have enabled us to perform tasks with ease and stay connected with the world like never before, providing unprecedented levels of convenience, efficiency, and interconnectivity.

1.2. Problem statement:

The problem statement outlines the security risks associated with default passwords in IoT devices, particularly CCTV cameras. The proliferation of IoT devices has brought about unprecedented convenience, efficiency, and connectivity, but these devices are often designed with limited attention to security. This makes them vulnerable to a wide range of attacks and exploits, which can compromise the safety and privacy of individuals and organizations who use them. One of the most common security risks associated with IoT devices is default passwords. Default passwords are often weak, predictable, and shared among multiple devices, making them vulnerable to attacks and exploits. This is particularly true for CCTV cameras, which are widely used for surveillance in homes, businesses, and public spaces. Default passwords in CCTV cameras are often easily guessable or widely known, making it easy for attackers to gain access to the cameras and use them for malicious purposes, such as spying on individuals or launching DDoS attacks. The study aims to identify the risks associated with default passwords in CCTV cameras and explore how these risks can be mitigated. The study will examine the vulnerabilities and security risks associated with default passwords in CCTV cameras, the current password policies and authentication protocols used in CCTV cameras, and the best practices for mitigating the risks associated with default passwords in CCTV cameras. By examining these aspects, the study seeks to inform the development of more effective security measures, guide the development of password policies and authentication protocols, and contribute to the broader discourse on IoT security. The findings of the study will have several implications for the field of IoT security, including promoting the responsible and ethical use of technology, enhancing the safety and privacy of individuals and organizations who use IoT devices, and helping to identify key vulnerabilities and security risks associated with default passwords in IoT devices. Overall, the problem statement highlights the importance of addressing the security risks associated with default passwords in IoT devices, particularly CCTV cameras. The study seeks to provide valuable insights into these risks and identify effective strategies for mitigating them, ultimately contributing to the development of more secure and reliable IoT devices.

1.3. The research questions for this study are: ( Add introduction before the questions )

· What are the common vulnerabilities and security risks associated with default passwords in CCTV cameras?

· What are the current password policies and authentication protocols used in CCTV cameras?

· What are the best practices for mitigating the risks associated with default passwords in CCTV cameras?

1.4. The research Aim and Objectives: ( Add introduction before the points )

· To identify the specific security risks and vulnerabilities associated with default passwords in CCTV cameras.

· To examine the current password policies and authentication protocols used in CCTV cameras.

· To identify best practices for mitigating the risks associated with default passwords in CCTV cameras.

· To provide recommendations for improving password policies and authentication protocols in CCTV cameras, in order to enhance the security of these devices.

· To contribute to the broader discourse on IoT security, by highlighting the specific risks associated with default passwords in IoT devices and the need for more collaborative and interdisciplinary approaches to addressing these risks.

By achieving these objectives, this research aims to provide valuable insights into the risks associated with default passwords in IoT devices, particularly CCTV cameras, and to inform the development of more effective security measures for these devices. Ultimately, this research seeks to enhance the safety and privacy of individuals and organizations who use IoT devices and promote the responsible and ethical use of technology.

Research Structure: ( I need it in paragraphs not points )

I. Introduction

- Background of the study

- Problem statement

- Research questions

- Objectives of the research

- Significance of the study(Aims)

- Structure of the study

II. Literature Review

- Overview of IoT and CCTV cameras (Introduction).

- CCTV Advantages.

- Password policies and authentication protocols in IoT devices and CCTV cameras.

- Security risks associated with IoT devices and default passwords

- Preconfigured passwords

- Improving Safety and Security of Closed-Circuit Television: The Importance

of Credential Changes and Promoting Awareness and Regulation.

III. Methodology

- Research approach and design

- Data collection methods

- Sample selection and recruitment

- Data analysis procedures

IV. Results and Findings

- Overview of the data collected

- Summary of the findings for each research question

- Discussion of the implications of the findings

V. Conclusion and Recommendations

- Summary of the study

- Conclusions drawn from the research

- Recommendations for improving password policies and authentication protocols in CCTV cameras

- Limitations of the study and directions for future research

VI. References

- List of sources cited in the study

VII. Appendices

- Interview questions

- Consent forms

- Additional data or information that supports the study

Introduction

It is only easy to conceive of a future with the Online platform and the Internet of Things (IoT). These gadgets have developed the ability to be a part of our day-to-day lifestyles when the number of linked devices is continuously growing. It is not unheard of for us to have a wearable device, a linked refrigerator, a sophisticated automobile, surveillance cameras and networks that we can manage from our smartphone, and a vacuum pump that understands the architecture of our house so that it can sanitize it while we are away from it. In addition, the Internet of Things has also made its way into vital facilities (Shin et al., 2019).

In current history, gadgets linked to the Internet of Things (IoT) have become more prevalent in our daily lives. This phenomenon is known as the "Internet of Things." One Internet of Things (IoT) innovation most regularly observed in use nowadays is residential surveillance webcams. These recording devices are sometimes called closed-circuit televisions (CCTV). Nonetheless, the lack of proper safety precautions, like relying on preset credentials, is a major contributor to the significant problems with gadgets connected to the Internet of Things (IoT). Since the initial certificates on devices are famously easy to crack, there is a greater likelihood that thieves would attempt to access such gadgets. This research aims to evaluate the identification methods utilized in Surveillance cameras, the prevalence of preset credentials, and the most effective methods for securing Surveillance cameras from being hacked by corrupt individuals (Shin et al., 2019).

The inadvertent usage of IoT devices, failure to regularly change credentials, and inability to install software upgrades have all contributed to a rise in cyberattacks and entry for harmful programs to critical material. Using such ineffective privacy methods increases the likelihood of an information leak and other attacks. The Internet of Things (IoT) is often regarded among protection experts as the most susceptible target for digital assaults owing to inadequate security measures and standards. Although many different security techniques have been established to defend Internet of Things gadgets from intrusions, privacy policies still need to be well defined. Consumers could not employ precautionary procedures to keep their property from being attacked. Since the beginning of 2008, cybercriminals have created several forms of the virus to infiltrate various Internet of Things gadgets. They developed different cybercrime strategies to convince people or workers to provide critical information (CCTV direct, 2022).

CCTV Advantages:

In current history, there has been an uptick in demand for various kinds of surveillance equipment. These technologies are being used by state and individual enterprises, domestic communities, business and civic places, and other locations to monitor various activities for protection and well-being. Both "sur" and "veiller" imply "to watch" in French. "sur" means "upwards," while "veiller" indicates "to observe." Watching someone's actions, actions, and conduct in an attempt to govern, supervise, and protect them is what we mean when we talk about surveillance. The ability to do distant and ongoing inspections is a benefit offered by surveillance equipment. The innovation of CCTV devices, often known as CCTV, is being used so that events may be seen while taking place and that actions can be monitored in any location later. Since the number of break-ins and other criminal acts continues to rise, installing CCTV cameras for surveillance is becoming more necessary in both the business and residential spheres (Lau & Tan).

Various CCTV cameras are accessible, including those that do not use the Internet Protocol (IP), IP CCTV cameras, and cordless Surveillance cameras. IP-based wireless Security cameras are becoming more popular in the modern world for various reasons, including their technological advantages, versatility, user-friendliness, and cost-effectiveness. The industry for Surveillance cameras is rapidly growing due to the widespread usage of the technology in various sectors around the globe. The Internet of Things has the advantage of providing a fresh appearance for the next generation of CCTV cameras. There is a requirement for webcams that can automatically recognize odd occurrences and translate that information to other systems so that appropriate measures may be taken (Lau & Tan). This eliminates the need to record film and then view it later to identify instances of robbery, aggression, or damage. In response to this demand, camera manufacturers are incorporating cutting-edge technology into their products to make them more intelligent. Smart cameras have taken advantage of the advantages of computer vision, computer learning, and mechanization. The Internet of Things (IoT) allows linking network-enabled webcams to other gadgets and structures, transforming traditional surveillance monitoring into more advanced, intelligent security CCTV. CCTV cameras find widespread use in various cyber systems, including those concerned with public security, universal health care, transport monitoring, animal observation, ecological tracking, and meteorological prediction. A wide variety of designs and capabilities are accessible for security footage in CCTV. Sensors, a broadcaster, a storage facility, a microcontroller, and an external power supply are the components that make up a cordless CCTV source node. The fundamental operations carried out by each network are image reduction, file transfer, and visual capture. In footage monitoring systems, one of the most difficult challenges is handling a considerable percentage of visual data without compromising the integrity of the documentation or the system's safety. The records running module and the information propagation unit at each Wi-Fi device are responsible for this (Lau & Tan).

Password policies and authentication protocols in CCTV cameras

IoT devices and CCTV cameras have become increasingly popular and a common part of our daily lives. However, as these devices become more interconnected and integrated into our lives, the risk of unauthorized access and data breaches increases. Password policies and authentication protocols play a critical role in securing these devices and protecting the data they collect. Password policies refer to the rules and guidelines that govern the use of passwords. These policies dictate the strength and complexity of passwords, the frequency with which they must be changed, and other related factors. Strong password policies can help prevent unauthorized access to IoT devices and CCTV cameras. They can also help protect against brute-force attacks, where hackers use automated tools to try and guess passwords. Authentication protocols, on the other hand, refer to the methods used to verify the identity of users and devices. These protocols include various methods such as biometric authentication, two-factor authentication, and certificate-based authentication. These protocols ensure that only authorized users and devices can access the IoT devices and CCTV cameras. It is important to note that while password policies and authentication protocols are critical in securing IoT devices and CCTV cameras, they are not foolproof. Hackers can still find ways to bypass these security measures, and it is essential to stay vigilant and keep up with the latest security practices and updates. In conclusion, password policies and authentication protocols are crucial in securing IoT devices and CCTV cameras. Strong password policies and robust authentication protocols can help prevent unauthorized access and protect against data breaches. However, it is important to stay informed and keep up with the latest security practices to stay ahead of potential threats.

CCTV security Issues: ( Paragraph not points )

· The increased use of Closed-circuit television has sparked issues about personal confidentiality. The continual monitoring and recording of communal settings may make some users uneasy. Closed-circuit TV video also risks being utilized for illegal purposes like pestering or extortion. Surveillance cameras must be utilized to respect individuals' confidentiality, and there must be stringent laws to avoid abuse by authorities and corporations (Ko & Song, 2021).

· Legislative conformance concerns Closed-circuit tv cameras must follow a wide variety of legislation and policies, including those about confidentiality, security, and civil dignity. If these regulations are not followed, a business or other entity risks incurring fines and tarnishing its image. As a result, it is essential to make sure that all applicable rules and standards are adhered to throughout the process of installing and operating Surveillance cameras in a legal and ethical way (Ko & Song, 2021).

· Insufficient video exposure: Closed-circuit television networks must be built and deployed to offer appropriate video surveillance to catch all of the critical behavior in a region. If this is not done, limited video surveillance will result. Insufficient surveillance may lead to blind zones, where illegal acts may occur without being seen on video. As a result, it is essential to carry out an exhaustive site assessment and build the process to consider the assessment findings to guarantee that all essential regions are adequately addressed (Ko & Song, 2021).

· Preconfigured passwords: Since it opens the equipment to the possibility of being hacked and providing entry to unwanted users, employing a predefined passcode for Closed-circuit television might represent a serious potential threat.

There are a lot of Closed-circuit television networks on the market, and some operators do not bother to modify their initial credentials, which makes the device vulnerable to ruthless assaults and other kinds of phishing efforts. Cybercriminals will quickly gain entry to all of the webcams in a system if the channel's many devices have the same predefined credentials. This might lead to the compromising of the whole system.

“A Comparative Analysis between CCTV Camera Brands”

The table summarizes the available information on various surveillance equipment brands and their features, access controls, types of passwords accepted, and recommendations for users to enhance the security of their systems. Hikvision, Dahua, Uniview, and Samsung Techwin all advise using secure and complicated credentials to protect their surveillance equipment, while Swann does not do identity management but suggests using sophisticated credentials for safety. Lorex recommends using rugged credentials for its surveillance equipment, especially Closed-circuit television. All brands, except for Hikam, suggest that users should be able to change their passwords on a regular basis to enhance the security of the system. For Hikam, it is recommended that users should contact Hikam support to inquire about password-changing options and follow their advice. In terms of awareness, all brands suggest that users should be made aware of the importance of using strong and/or rugged, complicated credentials and changing passwords regularly to reduce the risk of unauthorized access and data breaches.

Fix the graph to show the average of devices used each type of access controls

Looking at the access controls used by each brand, we can see that all of them have some form of account administration to manage user identities, allocate responsibilities and privileges, and define authentication rules. Additionally, most of the brands (except Swann and Lorex) offer digital certificate, chip, and face identification authorization solutions to enhance security. Swann uses slot reviewers, which are micro SD devices that permit or deny entry depending on a verified admission code. Lorex also offers slot reviewers but does not have identity management. Both brands allow the cancellation of stolen or lost credentials. Axis, Samsung Techwin, Uniview, and Hikam all have entrance processors that can use chip cards and secure regulation systems. They also offer streaming and taped recordings, webcam adjustments, and gesture recognition notifications. Location tracking is available for remote monitoring of property. Uniview's authentication solutions are designed to be adaptable, while Hikvision and Dahua offer visual confirmation. Overall, the data highlights the importance of having robust access controls to secure CCTV camera systems. The use of account administration, digital certificates, and other forms of authentication can help prevent unauthorized access. The availability of entrance processors, slot reviewers, and cancellation of stolen or lost credentials can further enhance security. Finally, the ability to stream and record footage, adjust webcams, and use location tracking can provide additional layers of protection and peace of mind for users.

Fix the graph Comment by Noura Aleisa: fix the graph

From the data, we can see that there is variation in the types of passwords used by the different brands. Hikvision primarily uses complicated and essential passwords, while Dahua does not stipulate a certain level of password complexity. Swann and Lorex both suggest the use of rugged credentials, while Axis and Uniview both recommend the use of rugged and robust credentials. Samsung Techwin uses complicated credentials for device protection, while Hikam recommends secure and complicated credentials for memberships. It is worth noting that some brands do not specify a certain level of password complexity, which may leave their devices vulnerable to attacks. Furthermore, some brands may recommend the use of strong and robust passwords, but it is ultimately up to the users to follow these recommendations and ensure that their passwords are secure. Overall, the data highlights the importance of considering the password policies of different brands when selecting a CCTV camera, and the need for users to be aware of the importance of using strong and secure passwords to enhance system security.

· Introduction

· Literature review

· Methodology

· Based on the proposed solution, the following is an analysis of how it addresses the issues presented in the literature review:

1- Multi-factor access control

2- Module for password change

3- Security awareness module

More detail on how the proposed solution addresses the issues presented in the literature review.

1. Multi-factor access control:

Many of the brands discussed in the literature review do not require strong passwords or have default passwords, making their systems vulnerable to hacking and other security breaches. Multi-factor access control provides an additional layer of security by requiring users to provide two or more forms of identification before gaining access to the system. This can include something the user knows (such as a password), something the user has (such as a smart card), or something the user is (such as biometric information like a fingerprint). By requiring multiple forms of identification, multi-factor access control makes it more difficult for unauthorized individuals to gain access to the system, even if they have obtained a password or other form of identification.

2. Module for password change:

Allowing users to change their passwords on a regular basis is another effective way to enhance the security of the CCTV cameras. By changing passwords regularly, users can reduce the risk of unauthorized access and data breaches. This is because attackers may be able to obtain passwords through various means, such as phishing attacks or password cracking software. By requiring users to change their passwords regularly (e.g. every month or two months), the likelihood of an attacker being able to use a stolen password decreases. Additionally, the module for password change can encourage users to choose stronger passwords that are less susceptible to being cracked by attackers.

3. Security awareness module:

One of the primary issues with password security is user awareness and education. Many users may not be aware of the risks associated with weak passwords or may not understand how to choose strong passwords. By providing a security awareness module that educates users on best practices for password security, users can better understand the importance of strong passwords and regular password changes. This can include information on how to choose strong passwords, how to avoid phishing attacks, and how to recognize suspicious activity on their accounts.

Overall, the proposed solution addresses the issues presented in the literature review by providing a multi-faceted approach to enhancing the security of CCTV cameras. By implementing multi-factor access control, regular password changes, and security awareness training, users can take proactive steps to protect their cameras and reduce the risk of security breaches. However, it is important to note that while these solutions can help to improve the overall security of the system, they are not foolproof and must be continually monitored and updated to ensure maximum effectiveness.

The central question that this Interview aims to answer is: "What is the level of awareness among CCTV users about the importance of changing and using complex passwords?" This research question will guide the development of the interview questions, the selection of participants, and the analysis of the data. The goal of the study is to gain a better understanding of CCTV users' perspectives and experiences related to password security, and to identify potential areas for intervention or policy development to promote better password practices among CCTV user.

We selected a random sample of CCTV users who have experience using passwords to access their CCTV systems.

Random sampling is a common sampling strategy used in research, where each member of the population has an equal chance of being selected for the study. The goal of random sampling is to obtain a representative sample of the population, which can increase the generalizability of the study's findings.

The random sample of CCTV users has selected through variety of methods, such as:

1. Using a list of CCTV users provided by the company or organization that provides the CCTV systems.

2. Using social media platforms to recruit participants who use CCTV systems.

3. Recruiting participants from public places such as shopping malls or parks

· Data Collection:

Data collection involves gathering information from the selected participants using a semi-structured interview guide that includes open-ended questions about the CCTV users' awareness and practices of changing and using complex passwords.

The following steps were taken to collect data:

1. Recruitment of participants: Participants were recruited based on the random sampling strategy. Once a sample was selected, participants were contacted and invited to participate in the study. They were given information about the study's purpose, the interview process, and their rights as participants.

2. Informed consent: Before the interview began, participants were asked to sign an informed consent form that explained the study's purpose and procedures, their rights as participants, and the confidentiality of their responses.

3. Conducting the interview: The interview was conducted using a semi-structured interview guide that included open-ended questions about the CCTV users' awareness and practices of changing and using complex passwords. The interview was conducted in person or over the phone, depending on the preference of the participants. The interviewer recorded the interview with the participants' permission and took detailed notes during the interview.

4. Follow-up questions: If necessary, follow-up questions were asked to clarify the participants' responses or to explore a topic in more detail.

5. Data management: Data collected during the interviews were stored securely and confidentially. The audio recordings were transcribed verbatim, and the transcripts were checked for accuracy.

6. Data analysis: Transcribed data were analyzed using a qualitative analysis approach. The data were coded, categorized, and themes were identified. The analysis was conducted by two or more researchers to increase reliability.

7. Validation: Participants were asked to review and verify the accuracy of the transcripts to ensure that the findings accurately reflected their perspectives.

· Sample Size: (sample size of 10-30)

The sample size for this study was determined using a power analysis that took into account the expected effect size, significance level, and power of the study. Based on the power analysis, a sample size of 50-100 participants was recommended.

To select the sample, a random sampling strategy was used to ensure that each member of the population had an equal chance of being selected for the study. The goal of random sampling was to obtain a representative sample of CCTV users who had experience using passwords to access their CCTV systems.

Once the sample was selected, participants were contacted and invited to participate in the study. The sample size of 50-100 participants was considered sufficient to obtain a range of perspectives on the research question and to provide a reliable estimate of the level of awareness among CCTV users about the importance of changing and using complex passwords.

· Interview questions: (What if the CCTV system doesn’t require a PW? Default PW? )

1. How often do you change your password for your CCTV system?

2. Do you use a complex or simple password? Why?

3. Have you ever been hacked before? If yes, do you know why?

4. How do you store your passwords?

5. How many authentication factors do you use?

6. Have you received any notifications from your CCTV provider regarding weak passwords?

7. How important do you believe it is to change your password and use a complex one?

8. Do you use a password manager for your CCTV system?

9. Have you ever shared your password with anyone else? Why or why not?

10. How confident are you in your ability to create a strong and secure password?

These questions were designed to elicit information about the participants' awareness and practices of changing and using complex passwords. The questions were open-ended to allow participants to provide detailed responses and to explore their experiences and perspectives in more depth.

· Analyze the data:

We will use a qualitative analysis approach. This involves coding, categorizing, and identifying themes in the data collected from the semi-structured interviews. The interviews were designed to elicit information about the participants' awareness and practices of changing and using complex passwords, and the open-ended questions allowed for a detailed exploration of their experiences and perspectives.

The qualitative analysis approach involves several steps, including:

1. Transcription: The audio recordings of the interviews are transcribed verbatim to create a written record of the participants' responses.

2. Coding: The data is then coded, which involves labeling each segment of text with a descriptive term or category that captures its meaning. This helps to organize the data and identify patterns and themes.

3. Categorizing: The coded segments of text are then organized into categories based on their similarities and differences. This helps to identify broader patterns and themes in the data.

4. Identifying themes: The categories are then analyzed to identify overarching themes that emerge from the data. This involves looking for patterns and connections between the categories to identify the key themes that are relevant to the research question.

5. Interpretation: Finally, the themes are interpreted in relation to the research question to draw conclusions about the level of awareness among CCTV users about the importance of changing and using complex passwords.

· Validate the results:

Several measures were taken to validate the results. These measures include:

1. Informed Consent: Before the interview began, participants were asked to sign an informed consent form that explained the study's purpose and procedures, their rights as participants, and the confidentiality of their responses. This ensured that participants understood the study's purpose and procedures and were willing to participate.

2. Pilot Interviews: Before conducting the main interviews, pilot interviews were conducted with a small group of participants to test the interview questions and procedures. The pilot interviews allowed the researchers to identify any issues with the interview questions and to make necessary revisions.

3. Data Management: Data collected during the interviews were stored securely and confidentially. The audio recordings were transcribed verbatim, and the transcripts were checked for accuracy.

4. Data Analysis: Transcribed data were analyzed using a qualitative analysis approach. The data were coded, categorized, and themes were identified. The analysis was conducted by two or more researchers to increase reliability.

5. Validation: Participants were asked to review and verify the accuracy of the transcripts to ensure that the findings accurately reflected their perspectives. This helped to ensure that the data collected were accurate and reliable.

Overall, these measures helped to ensure the validity and reliability of the study's findings. The use of informed consent, pilot interviews, secure data management, and validation of the results helped to minimize the potential for bias and inaccuracies in the data, and to increase the trustworthiness of the study's findings.

Add appendices if needed, otherwise delete this part.