In the ITeS world, a backdoor implies that users – both authorized and unauthorized – can get access to computer systems, software applications, or networks. It can bypass general security measures and give high-level security access, or root access, to users. If cybercriminals have this access, they can steal personal information or financial data, deploy malware, or hijack devices.
However, backdoors are not used singularly by bad agents. They can as well be a part of software or hardware to deliberately regain access to their system after they get compromised. Such non-criminal variants turn out to be useful to help customers whose systems get hijacked by cyberattacks or to troubleshoot and resolve software issues.
In the world of CCTV cameras, unfortunately, there can’t be good backdoor guys. It’s because CCTV is a security device. The access to it implies access to end-to-end activities of a business, wherein sensitive information could get revealed. In other words, it means data theft to a certain extent.
Just imagine that cameras in and around New Delhi get accessed by the OEM of some hostile nation. Security cameras are deployed across all regions and especially high-security areas including Parliament, Defence Facilities, and so forth. It can be a direct threat to national security and by extension, the security of the country’s residents.
As we talk about it, there are specific standards of every country that allow its security agencies to access all cameras remotely irrespective of the manufacturer. Every OEM has to comply with those standards. In India per se, certain tenders specifically mention that no camera must have GB28181 compatibility, a Chinese standard. U.S.-based agencies in their forensic audit found cameras from leading manufacturers failing the test in the U.S. It prompted the United States to ban all cameras that were non-NDAA compliant. Interestingly, the majority of manufacturers in Europe and the U.S. were caught on the wrong side of the fence, thereby compromising data security in their product series and hence stand banned.
“It is critical to note here that most of the leading brands are not OEMs themselves. They simply rebrand the products by Chinese OEMs which left a lot of room for backdoor entry and data security compromise. So, it shouldn’t come as a surprise that NDAA has banned several models of companies based in the U.S, Europe or Japan.”
However, not all manufacturers have failed the litmus test of NDAA. Amongst the few European companies that came out with flying colors with all of their models complying with the National Defence Authorization Act comes Oncam.
Abhishek Kumar, Regional Director, Oncam (South Asia), states, “It gives us pride in stating that none of our product lines have ever been under grey or blacklist of the National Defense Authorization Act. This speaks about the quality of our product components as well as the high level of product design ensuring data and cybersecurity. With all Oncam products passing all wiretapping forensic tests in 2020, in 2021 our focus is to further strengthen cybersecurity in our CCTV cameras. The focus shall also be on educating our customers on cybersecurity and data privacy issues related to CCTV cameras. We shall strive to communicate to our end-customers that they shall benefit in data security by partnering and using products of a technology firm like Oncam.”