Stay ahead of the pack
with the latest independent smart building research and thought leadership.
Have an account? Login
What Exactly Do you Get?
- Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
- 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
- Industry-leading Analysis Every Week, Direct to your Inbox.
- AND Cancel at any time
We are living in an increasingly monitored world. Video surveillance and other IoT devices promise to increase our security but recent cyber attacks remind us that the difference between surveillance and espionage is in the eye of the password holder.
In the lead-up to deadly airstrikes in the first week of 2024, Ukraine has accused Russia of hacking into smart cameras, webcams, and other private surveillance devices to identify and monitor potential missile targets. In the midst of a long war in the Eastern European nation, people continue to protect their homes and assets, or share their experiences, using live camera feeds that are now being used against them.
In a statement from Ukraine’s security service (SBU), two civilian surveillance cameras in the capital Kyiv and second-city Kharkiv were compromised by Russian state hackers. The devices were used to monitor air defense systems and critical infrastructure, which were targeted to devastating effect in missile and drone strikes on January 2nd, killing at least five people and injuring 129 while disabling power and internet services.
“Many IoT devices lack robust security features, such as strong authentication mechanisms, regular security updates, and the ability to monitor and detect suspicious activities,” said Callie Guenther, senior manager at cyber threat research firm Critical Start. “As IoT devices become more ubiquitous and integral to critical operations, their security implications become more significant.”
The increasing ubiquity of IoT devices, and specifically cameras, is not in question. Our new research on the video surveillance market showed global revenues for equipment and software reaching an estimated $30.4 billion in 2022. This represents 4.5% growth over 2022 and for the 6 years between 2022-2028, the market is projected to expand at a 5.7% CAGR, reaching $44.8 billion by 2028. Security implications are, therefore, becoming much more significant, especially during conflicts.
Since Russia’s invasion in February 2022, Ukrainian security services say they have blocked attacks against more than 10,000 internet-connected cameras but it is not known how many have been breached. Of the two compromised devices found recently, Russian hackers reportedly even remotely changed the direction of one camera located on a residential balcony then live-streamed the feed on YouTube. This is modern internet-connected warfare.
IoT Cyber Warfare
Geopolitical cyber warfare is not new but since the emergence of smart buildings and cities, it has taken on dangerous new forms. In 2007, the Stuxnet worm was created to compromise the supervisory control and data acquisition (SCADA) system of facilities involved in Iran’s nuclear program.
There is a continuous system of hacking within the Israel - Palestine conflict, increasingly involving smart devices and connected surveillance equipment, while state-backed cyber espionage is reportedly targeting smart technology around the world.
“In both the Ukraine/Russia and Israel/Hamas conflicts both sides have been hacking into IP cameras and other IoT systems to gain intelligence, promote propaganda, and enable lateral movement into other systems,” said Bud Broomhead, CEO at IoT security firm Viakoo. “Many surveillance cameras are not maintained the way that IT systems are. They are managed outside of IT and often are ‘set it and forget it,’ and therefore lack proper cyber hygiene around firmware patching, password rotations, and certificate management.”
The issue is not limited to war, however, the same concept holds true for all kinds of criminal activity that can utilize a building’s smart devices, and especially video surveillance, to achieve malicious goals. A 2021 study by Palo Alto Networks’ Unit 42, found that while video surveillance only makes up 5% of total enterprise IoT devices, they account for over 30% of all security issues.
There may be no better praise for the vast potential of video data than the world’s leading intelligence agencies targeting video surveillance equipment for mission-critical information gathering. However, for those under attack, be that in military or geo-political warfare, criminal activity or invasions of privacy, the solution must come from better cyber security of devices, buildings, and city networks.
The fight against cyber crime and warfare in buildings is a rapidly growing industry in its own right. Our latest cyber security research estimates that global revenues for cyber security in buildings reached $4.33 billion in 2021 and we expect the market to achieve a compound annual growth rate (CAGR) of 12.2% over the forecast period, rising to a combined value of $8.65 billion by 2027. This market will continue to grow in reaction to the inevitable evolution of cyber attacks on buildings from all kinds of malicious actors.
Back in Ukraine, a statement from the SBU has now urged Ukrainians to take all cameras offline and to report any live streams they know of, warning citizens that it has always been illegal to film and publish military activity, punishable by up to 12 years’ imprisonment. Without adequate cyber security, the only defense is to disconnect.
