Security vulnerabilities in surveillance cameras raise concerns

Surveillance cameras are a booming industry in Vietnam with an annual growth rate of approximately 14 percent.

A traffic surveillance camera in Vinh Yen City, Vinh Phuc Province. Experts are concerned that undetected attacks could result in government data being leaked.

However, a recent wave of data leaks has exposed a troubling truth: these watchful eyes might not be as secure as we think.

Surveillance cameras are a booming industry in Vietnam with an annual growth rate of approximately 14 percent.

The market, valued at roughly US$175 million in 2023, is dominated by Chinese giants Dahua and Hikvision who hold a staggering 90 per cent market share.

The problem lies in how these cameras store and transmit data. Many rely on cloud storage, meaning the footage you think is secure at home could be bouncing around servers in another country.

This raises serious privacy concerns as sensitive personal information can be exposed if these servers are compromised.

Vu Ngoc Son, Head of the Technical Department under the Vietnam National Cyber Security Technology Corporation, believes that remote access and lack of regular software updates and antivirus protection could make surveillance cameras susceptible to undetected attacks.

For individuals, the consequences can be devastating: privacy breaches, blackmail and even criminal activities. For organisations, the risks escalate to espionage, data theft and even the exposure of government's classified information.

The issue is not confined to theoretical risks. In Vietnam, hackers are actively selling access to vast networks of compromised cameras, with prices as low as VND800,000 (US$31) for access to 15 cameras.

This alarming reality underscores the urgent need for action.

Son urges individuals to take proactive measures to fend off data leaks, including purchasing surveillance cameras from reliable sellers with a transparent data storage policy, enabling two-factor authentication in remote access and regularly updating software patches.

For organizations, he suggests implementing strict password policy and role-based access controls and regularly conducting security checks to mitigate vulnerabilities.

In response to the growing concerns, the Ministry of Information and Communications (MOIT) on May 5 issued a set of guidelines for secure camera usage.

These guidelines, known as "Basic Network Information Security Requirements for Surveillance Cameras", provide a comprehensive framework for manufacturers, organisations and individuals to ensure the safety and privacy of their data.

Tran Dang Khoa, Deputy Director of MOIT's Authority of Information Security, reveals that the guidelines cover three main topics.

The first involves technical requirements that mandate robust security features for surveillance cameras and their associated applications, including strong passwords, comprehensive user manuals and clear instructions for secure setup.

The second involves data processing and storage, stipulating that surveillance cameras process, store and manage data within Vietnam, adhering to the country's data regulations.

The third centres around the producers' duty to implement online systems that provide users with readily accessible patch information and notify them upon logging into device management applications.

Khoa also notes that MOIT is actively collaborating with stakeholders to develop a "National Technical Regulation on Basic Network Information Security Requirements for Surveillance Cameras".

This regulation, expected to be enacted later this year, will mandate compliance with the security guidelines for all surveillance cameras manufactured, imported or sold within Vietnam.

Nguyen Duc Quy, Director-General of Vconnex Industry Technology JSC, highlights the far-reaching impact of the guidelines on stakeholders.

He believes that the guidelines will enhance user awareness of cybersecurity, foster the development of domestic manufacturers' technological capabilities and contribute significantly to national cybersecurity.

He also reveals that domestically-produced cameras often rely on foreign open-source video management systems (VMS) due to a lack of robust domestic alternatives. To address this gap, he calls for the development of localized VMS and new rules to regulate the systems.

Other news