Attacks and Preventive Measures on Video Surveillance Systems: A Review

: Video surveillance systems are widely deployed with large systems for use in strategic places such as home security, public transportation, banks, ATM centers, city centers, airports, and public roads, and play a vital role in protecting critical infrastructures. As various attacks are possible in these systems, identifying attacks and considering suitable security measures are essential. In this paper, we present a detailed review of existing and possible threats in video surveillance, CCTV, and IP-camera systems. This provides insight for the better identiﬁcation of the security risks associated with the design and deployment of these systems and promotes further research in this emerging ﬁeld. We also present countermeasures to prevent and protect the surveillance systems from various security attacks.


Introduction
Surveillance systems have become more and more popular in recent times. Government and private organizations, residential societies, and commercial and public spaces, are using these systems to keep a check on various activities for security and safety purposes. In French, the word "sur" means "from above" and "veiller" means "to watch". Surveillance means monitoring movements, activities and behavior in order to manage, control, and protect people. Surveillance systems have the advantage of remote and continuous monitoring. To view events as they occur and to monitor activities in any area at a later time, closed-circuit television systems (CCTV) technology is being used. Increasing thefts and criminal activities demand the usage of CCTV cameras in both commercial and residential sectors for security purposes. CCTV cameras are available in different forms: non-IP (Internet Protocol), IP CCTV cameras and wireless CCTV cameras. Due to the features of technology, flexibility, ease of use, and affordability, the usage of IP-based wireless CCTV cameras is becoming a trend in the present scenario. As it is being used in many applications all over the world, the market for CCTV is widely expanding. Figure 1 shows the forecast of the wired and wireless cameras market in the coming years. The size of the security camera market was valued at USD 3.71 billion in 2019 and is expected to grow at a compound annual growth rate (CAGR) of 15.7% from 2020 to 2027 [1].
The virtue of IoT is that it gives new look for the upcoming video surveillance systems. Instead of capturing footage and visualizing it later in order to detect theft, violence or vandalism, there is a need for cameras to self-detect the abnormal events and interpret the same to other systems for necessary actions. To cater to this, cameras are becoming The virtue of IoT is that it gives new look for the upcoming video surveillance systems. Instead of capturing footage and visualizing it later in order to detect theft, violence or vandalism, there is a need for cameras to self-detect the abnormal events and interpret the same to other systems for necessary actions. To cater to this, cameras are becoming smart, with the integration of the latest technologies. The smart cameras have exploited the benefits of computer vision, machine learning and automation. IoT helps to connect network-enabled cameras with other devices and systems and thus transforms secure surveillance into smart security surveillance systems.
Overview of VSS: Video surveillance systems are widely used in cyber-systems such as healthcare, traffic analysis, wildlife monitoring, environmental monitoring, weather forecasting and public safety. In VSS, security cameras are available in a wide range of styles and features. A wireless VSS source node consists of cameras, a transceiver, storage unit, microprocessor and power supply. Each node performs video compression, data transmission and video capturing as the basic function. The data processing unit and data transmission unit at each wireless node process a large amount of video data without degrading information and security, which is a most challenging task in video surveillance applications [2]. The general architecture of a functional VSS is illustrated in Figure 2.

Motivation and Our Contribution
The usage of VSS is ubiquitous in today's scenario. As these systems are more beneficial and available at affordable cost, they are widely utilized to protect the public and private network systems. Attackers are continuously targeting these systems with new attacks and vulnerabilities. When we use an internet-connected camera from a Overview of VSS: Video surveillance systems are widely used in cyber-systems such as healthcare, traffic analysis, wildlife monitoring, environmental monitoring, weather forecasting and public safety. In VSS, security cameras are available in a wide range of styles and features. A wireless VSS source node consists of cameras, a transceiver, storage unit, microprocessor and power supply. Each node performs video compression, data transmission and video capturing as the basic function. The data processing unit and data transmission unit at each wireless node process a large amount of video data without degrading information and security, which is a most challenging task in video surveillance applications [2]. The general architecture of a functional VSS is illustrated in Figure 2. The virtue of IoT is that it gives new look for the upcoming video surveillance systems. Instead of capturing footage and visualizing it later in order to detect theft, violence or vandalism, there is a need for cameras to self-detect the abnormal events and interpret the same to other systems for necessary actions. To cater to this, cameras are becoming smart, with the integration of the latest technologies. The smart cameras have exploited the benefits of computer vision, machine learning and automation. IoT helps to connect network-enabled cameras with other devices and systems and thus transforms secure surveillance into smart security surveillance systems.
Overview of VSS: Video surveillance systems are widely used in cyber-systems such as healthcare, traffic analysis, wildlife monitoring, environmental monitoring, weather forecasting and public safety. In VSS, security cameras are available in a wide range of styles and features. A wireless VSS source node consists of cameras, a transceiver, storage unit, microprocessor and power supply. Each node performs video compression, data transmission and video capturing as the basic function. The data processing unit and data transmission unit at each wireless node process a large amount of video data without degrading information and security, which is a most challenging task in video surveillance applications [2]. The general architecture of a functional VSS is illustrated in Figure 2.

Motivation and Our Contribution
The usage of VSS is ubiquitous in today's scenario. As these systems are more beneficial and available at affordable cost, they are widely utilized to protect the public and private network systems. Attackers are continuously targeting these systems with new attacks and vulnerabilities. When we use an internet-connected camera from a computer or smartphone, there is a chance that someone else can access it. That person

Motivation and Our Contribution
The usage of VSS is ubiquitous in today's scenario. As these systems are more beneficial and available at affordable cost, they are widely utilized to protect the public and private network systems. Attackers are continuously targeting these systems with new attacks and vulnerabilities. When we use an internet-connected camera from a computer or smartphone, there is a chance that someone else can access it. That person can be a "hacker" or an application to which we may have knowingly or unknowingly given access permission. For example, when a simple search word such as "webcamXP" is given on Shodan.io [3], an IoT search engine, one can access random video footage of retail stores, city centers, boating docks, and domestic spaces. The large scale, restricted resources, outdated firmware, poorly secured IoT devices and inbuilt vulnerabilities have attracted bad actors to perform various attacks on the IoT ecosystem. Table 1 shows examples of real-time attacks that occurred on VSS. Due to a fault in the design, an interloper could obtain entrance through the cloud to all cameras and control them. The primary issue for this is the cloud architecture depended on the XMPP communications protocol.
Command and control attack [11] June, 2018 Foscam security cameras The attacker utilized stack-based buffer overflow vulnerability to crash the webService procedure and gain administrative access.
Command and control attack [12] July, 2019 Delhi, India Remote hacking and backdoor access to CCTV cameras.
Privacy attackransomware [13] March, 2021 USA 150,000 security cameras at banks, jails, schools, carmaker Tesla, and other sites were hacked to expose "the surveillance state".
The reasons for above-mentioned attacks may be due to the usage of default login credentials, no access privileges and poor security and privacy features. The motivation for an attacker could be blackmailing, the ability to observe live video feed, access to video footage, access to VSS network, disabling video feeds, violating privacy, remotely disabling the connection, and performing DoS attacks, etc. As VSSs are used in important places, only authorized agents should have the access to monitor and control it. Privacy and security are the foremost concerns while using such systems. Considering all this, this paper first identifies the possible attacks on such systems and then discusses the measures that can be incorporated to prevent security attacks. Additionally, a comparison is carried out on existing VSS frameworks along with their advantages and disadvantages.
After the launch of the Mirai attack and its consequences in the year 2016, there has been a dramatic increase in studies related to attacks and vulnerabilities in the VSS domain. The articles have discussed the loopholes and flaws in the IoT networks. For our review, we have considered the peer-reviewed articles from the year 2016 to 2021. Keywords used for the literature survey are as follows: video surveillance systems, attacks on VSS, security frameworks for VSS, privacy issues with IP camera and botnet. To understand the security loopholes and possible solutions to mitigate the threats in VSS, this paper follows the following steps ( Figure 3) to articulate the security issues of VSS. Keywords used for the literature survey are as follows: video surveillance systems, atta on VSS, security frameworks for VSS, privacy issues with IP camera and botnet. understand the security loopholes and possible solutions to mitigate the threats in V this paper follows the following steps ( Figure 3) to articulate the security issues of VS The rest of the paper is organized as follows: various types of attacks in VSS are gi in Section 2. The security measures for VSS are summarized in Section 3. In Section detailed review and analysis of the latest advances in VSS frameworks are presented a tabulated. Concluding remarks are made in Section 5.

Attacks on VSS
In this section, we present all the possible types of active attacks at different layer the video surveillance systems. The main issues are (a) privacy and security that conce a surveillance system, (b) the uncertainty of not knowing what happens to your data w it is stored in the cloud and (c) how the user monitoring devices such as smartphones also be a cause of the attack in the surveillance network [14][15][16][17][18][19][20][21][22][23].
In an attack scenario, the basic steps are: (a) information gathering, (b) assess vulnerability, (c) launching attack, and (d) cleaning up. Some of the tools used by attack at different steps are listed in Figure 4. Hoque et al. [24] present more elaborate detail information gathering and attack launching tools that can be used by attackers. M.R et al. [25] presents details of different vulnerability databases available, attack surfa and their details.  The rest of the paper is organized as follows: various types of attacks in VSS are given in Section 2. The security measures for VSS are summarized in Section 3. In Section 4, a detailed review and analysis of the latest advances in VSS frameworks are presented and tabulated. Concluding remarks are made in Section 5.

Attacks on VSS
In this section, we present all the possible types of active attacks at different layers of the video surveillance systems. The main issues are (a) privacy and security that concerns a surveillance system, (b) the uncertainty of not knowing what happens to your data when it is stored in the cloud and (c) how the user monitoring devices such as smartphones can also be a cause of the attack in the surveillance network [14][15][16][17][18][19][20][21][22][23].
In an attack scenario, the basic steps are: (a) information gathering, (b) assessing vulnerability, (c) launching attack, and (d) cleaning up. Some of the tools used by attackers at different steps are listed in Figure 4. Hoque et al. [24] present more elaborate details of information gathering and attack launching tools that can be used by attackers. M.Rytel et al. [25] presents details of different vulnerability databases available, attack surfaces and their details. Keywords used for the literature survey are as follows: video surveillance systems, attacks on VSS, security frameworks for VSS, privacy issues with IP camera and botnet. To understand the security loopholes and possible solutions to mitigate the threats in VSS, this paper follows the following steps ( Figure 3) to articulate the security issues of VSS. The rest of the paper is organized as follows: various types of attacks in VSS are given in Section 2. The security measures for VSS are summarized in Section 3. In Section 4, a detailed review and analysis of the latest advances in VSS frameworks are presented and tabulated. Concluding remarks are made in Section 5.

Attacks on VSS
In this section, we present all the possible types of active attacks at different layers of the video surveillance systems. The main issues are (a) privacy and security that concerns a surveillance system, (b) the uncertainty of not knowing what happens to your data when it is stored in the cloud and (c) how the user monitoring devices such as smartphones can also be a cause of the attack in the surveillance network [14][15][16][17][18][19][20][21][22][23].
In an attack scenario, the basic steps are: (a) information gathering, (b) assessing vulnerability, (c) launching attack, and (d) cleaning up. Some of the tools used by attackers at different steps are listed in Figure 4. Hoque et al. [24] present more elaborate details of information gathering and attack launching tools that can be used by attackers. M.Rytel et al. [25] presents details of different vulnerability databases available, attack surfaces and their details.

Visual Layer Attacks
VSSs are used by applications for the recognition of facial features, the automatic reading of license plates, scanning and reading QR codes and the compression of image data. VSS has an additional level of abstraction, i.e., the visual layer. This layer is prone to a few types of attacks as they involve imagery semantics and image recognition. The attacks are spread/injected in a multitude of ways, such as preinstalled malware in the system or through a firmware update or remote command insertion [26].
Malicious images can be embedded into the images taken by video cameras/sensors [27]. One of the most common attacks on a live feed from VSS is frame duplication attack. An attacker, once gaining access to a VSS system, can insert previously recorded "normal" looking frames in place of the live stream, to avoid the detection of ongoing suspicious activity. To detect these frame duplication attacks, spatial and temporal domain similarities between frames are extracted and analyzed using various correlation techniques. To achieve this, a massive database is required for storing a huge amount of data and an enormous amount of computation time is required to detect and prevent such attacks in real time.

Covert Channel Attacks
In this type of attack, informational objects between processes can communicate which normally should be blocked as per the security policy. These attacks are different from legitimate channel exploitations which attack semi-secured systems using techniques such as steganography, to disguise prohibited objects inside actual informational objects. Attackers can communicate with malware embedded inside a system using this type of attack. Based on criteria such as timing/storage, network/OS/hardware, and value/transition based, covert attacks can be classified into various types. Some examples of covert channel attacks [28,29] are:

•
Manipulating CCTV/VSS infrared LEDs: by sending command/control data to the VSS cameras by using the infrared LED messages; • A new type of optical covert channel named (VisisSploit) leaks data through a computer LCD display; • Network-based covert channels can be created to coordinate distributed denial of service attacks, bypassing the user firewall. For example, the IPv4 header TTL field can be used to carry information into or out of a network domain.

Steganography Attacks
Steganography involves a method to use the unused or less important information bits of the user content (such as images, videos, network traffic). Two types of common steganography attacks are hiding the malicious code in the genuine application and by a command and control (C & C) communications channel [30,31].
A common technique in many malware droppers is to append data to the end of the file or utilize unused portions of the file format [32]. In any method of steganography, it is hard to detect malicious code coming through user files in a network. Malicious payloads can be embedded into a set of PNG files. The PNG files can then be compiled into a legitimate application, along with a function that would extract and drop the malware onto the system.
In command and control protocol attacks, the "Domain Name Server (DNS) and Hyper Text Transfer Protocol (HTTP)", can be used to embed the malicious code in response to a request from a client.
As an example, we consider User A (house or office owner) who approaches the IP camera. After it detects User A's face successfully, it stores the image and captures another image without a face (named a cover image). The steganography technique is now used to send a "stego image" (combined image where the actual image is hidden in the cover image). This "stego image" is stored in the home server, which then will be processed using the reverse steganography technique to retrieve the original image with the face.
Another User B (attacker) intercepts data transmission between the IP camera and the home server and captures all the data which have "stego image" along with other captured images. At this point, the attacker can perform three categories of attack; namely, stego-only attack, known cover attack and known message attack. Any image can be represented with a pixel value (a bunch of ones and zeroes). The cover image will also have a string of bits, but their sequence of bits will be different on the LSB or the MSB side when compared to the corresponding face image. Any change on the LSB bits of the face image will not alter it significantly, whereas changes in the MSB bits will significantly degrade the quality of the face image. An attacker can use statistical analysis for the detection of changes in LSB bits or human visual perception to detect the changes in the MSB bits to detect the face image from the cover image. User B can then use this decrypted face image to attack the home security system and gain access to the home or office.

Pan-Tilt-Zoom Attacks
Pan-Tilt-Zoom (PTZ) is a functional characteristic of a surveillance camera that can zoom in and out, and change the view of the camera to horizontal (right, left) and vertical (up, down) angles. Camera models utilize stepper motors built into them and employ PTZ data protocols to achieve this functionality. The PTZ data protocols use RS-422 or RS-485 links, as well as Ethernet and Wi-Fi channels. PTZ-capable cameras can be controlled by keyboard shortcuts or with a specially designed joystick using PTZ commands. A compromised PTZ camera can send data to the external attacker along with the PTZ coordinates [33]. When a user is using a mobile application to watch a live feed from the camera through a cloud server, then all the PTZ requests are routed through cloud servers to the camera. If this communication is carried out after an interval of every few seconds, an attacker who is intercepting this communication may not be able to decode the PTZ data but can precisely find the interval after which communication is happening. The attacker can then launch an attack that matches with the communication interval, thus avoiding detection [34].

Denial of Service and Jamming Attacks
Any action or series of actions that prevent any part of an information system from functioning is known as denial of service by jamming the communication network [35]. When monitoring important activities such as real time crimes, in many video surveillance systems, it is critically important to have an un-tampered and uninterrupted operation. DoS and jamming attacks with a very short duration of less than a few minutes can still make a VSS camera miss a fast-paced crime such as a bank robbery. A denial-of-service attack on a home surveillance camera will not have a major impact when compared to denial-of-service attacks on commercial surveillance systems, which may have a greater impact. These kinds of attacks must be taken into consideration during the early phases of the setup and testing of the surveillance system. For example, "BrickerBot is a malware that attacks IoT devices that run a specific version of the DropBear SSH server and target Linux devices running Busy box (usually IP cameras)".
DoS attacks can be classified into two types: flooding and logic attacks. Flooding attacks work by overwhelming the current network with a large volume of complex data packets to deplete their resources such as memory and bandwidth. Logic attacks exploit the known vulnerabilities in the system to attack the remote servers. Out of these two types of attacks, flooding attacks are more dangerous as it is difficult (resource-intensive, time-intensive and cost-intensive) to differentiate real data packets from the flooded data.

Malware Attack
Malware comes in different forms and types such as viruses, Trojans, ransomware and spyware. In a smartphone, users download mobile applications, and malicious code embedded into the application program can gain access to personal information which the attackers can then exploit for financial gain [36]. The Mirai malware that occurred in 2016 takes advantage of the IP addresses of the devices that are vulnerable in the Internet of Things (IoT), and then turns these devices into bots that can be used as part of botnets for large-scale network attacks. Another malware, BrickerBot, like Mirai malware, infects its target and gains access to the device and destroys it-"bricks it", i.e., the device is longer operable. In a surveillance network, no one wants to wake up and realize that their surveillance camera no longer works because it was intentionally destroyed by someone trying to "protect" it. Nor does anyone want a picture or video of their device or application storage that went viral on social media due to their camera (which can be a surveillance camera or smartphone camera) being hacked. There are significant security threats with a malware attack which enables an attacker to execute any command on a target machine or within a target process. Due to this, the attacker can have a different way to invade by performing malicious code injection, data leaks and also performing privilege escalation. Access control entry vulnerabilities have been discovered on IP cameras, DVRs, and VPN routers which are publicly listed in https://cve.mitre.org. Here, CVE stands for Common Vulnerability Exposure.

Privilege Escalation Attack
In a multiple user architecture of any application or device network, access permissions to its users are restricted. Users at different levels have different permissions. In Android user applications or surveillance applications, components such as service, content provider, broadcast receiver and activity may be able to use privilege escalation to receive more permissions than required or desired. Two variants of privilege escalation are Vertical Privilege Escalation and Horizontal Privilege Escalation.
Vertical Privilege Escalation: bugs and design flaws can be applied to allow the smartphone user to execute higher level applications or functions. Even a process, for instance, may use a bug in the system kernel and run functions with system privileges. There must be at least one process running with system rights to enable another lower-level process to escalate.
Horizontal Privilege Escalation: the user and applications are located at the same permission level. Privilege escalation takes place if a user or an application can access data or functions of another user or application.
One of the Android built-in security features is the Android application sandbox. It is a technique to manage and separate the user applications from the critical system resources and applications. Privilege escalation attack bypasses sandbox restriction by running malicious code at run time [37]. An application which is "non-privileged" can still access files of "privileged" system applications such as geo-location, user passcode, battery status, camera permission, etc.
Similarly, in a video surveillance system, an attacker can exploit the firmware default port and login information and access the device as a user with privileged rights [38]. In such a scenario, companies could do nothing but recommend their customers apply newer firmware and use stronger passwords.
The prevalent attacks on different parts of the VSS infrastructure are outlined in Figure 5. Table 2 gives information on different types of attacks, their description and examples of how such attacks are conducted by the attackers.

Security Measures for VSS
The security of the hardware, firmware and network communications of video surveillance systems can be enhanced by following the guidelines summarized in this section. Preventing attacks against connected devices requires effort from both the industry and users. Vendors must adopt good practices for built-in security measures, such as secure remote access, basic encryption, and patching all known vulnerabilities [39][40][41][42][43][44][45][46][47]. Without proper safeguarding, IP-connected cameras are vulnerable to hacking, which can lead to the compromise of millions of security cameras and video recorders. The security mechanisms that can be used to prevent different types of attacks is tabulated in Table 3. To protect from security attacks, the security measures that are suitable at different layers (perception layer, network layer and application layer) are summarized in Figure 6.

Security Measures for VSS
The security of the hardware, firmware and network communications of video surveillance systems can be enhanced by following the guidelines summarized in this section. Preventing attacks against connected devices requires effort from both the industry and users. Vendors must adopt good practices for built-in security measures, such as secure remote access, basic encryption, and patching all known vulnerabilities [39][40][41][42][43][44][45][46][47]. Without proper safeguarding, IP-connected cameras are vulnerable to hacking, which can lead to the compromise of millions of security cameras and video recorders. The security mechanisms that can be used to prevent different types of attacks is tabulated in Table 3. To protect from security attacks, the security measures that are suitable at different layers (perception layer, network layer and application layer) are summarized in Figure 6. Covert channel attacks, malware attacks, privilege escalation attack. Pre-testing Pre-testing can ensure application security by preventing malware. It can also validate applications and give proper access authority to application developers.
All types of attacks. Regular update Smartphone applications can prevent various types of attacks by regularly updating from various manufacturer-provided platforms. The basic and necessary steps to avoid video surveillance camera attacks are as follows: 1. Installation and regular updating of the anti-virus application is the foremost step to defend against malicious attacks. 2. Network topology and configuration of a system is critical in maintaining the security of IP-based cameras, as there are multiple entry gateways through which it can be attacked. Configuration access is the key to provide security to the system. A Figure 6. Summarizing the security measures at different layers. Table 3. Summary of security mechanisms.

Type of Attacks Mechanisms that Help to Prevent Attacks Description
Spyware and malware Anti-virus solution Commercially available anti-virus solutions can scan system and cache files, messages and emails as well as website URLs. They can also prevent spyware and malware by preventing access to a suspected phishing website.

IP spoofing Firewall
Firewall stops unauthorized inward or outward connections. It can prevent various types of network attacks by blocking unauthenticated wireless networks.
Man-in-the-middle, visual layer attacks.
Secure API Cryptography-based API can provide various secure functionalities to the application developer.

Access control
Access control not only limits the access of processes but also limits the user to resources and/or services, thus limiting risk from malicious applications.
Covert channel attacks, DoS, spyware, cross-site scripting attack. Authentication The user can login to a device only after being authenticated to prevent its unauthorized use.
Covert channel attack, spyware.

Spam filter
Spam filtering applications block unwanted calls, messages and emails. They can also prevent spam from reaching to the user's inbox.
Covert channel attacks, malware attacks, privilege escalation attack.

Pre-testing
Pre-testing can ensure application security by preventing malware. It can also validate applications and give proper access authority to application developers.
All types of attacks.

Regular update
Smartphone applications can prevent various types of attacks by regularly updating from various manufacturer-provided platforms.
The basic and necessary steps to avoid video surveillance camera attacks are as follows: 1.
Installation and regular updating of the anti-virus application is the foremost step to defend against malicious attacks.

2.
Network topology and configuration of a system is critical in maintaining the security of IP-based cameras, as there are multiple entry gateways through which it can be attacked. Configuration access is the key to provide security to the system. A local network system with a firewall and virtual private network (VPN) software for remote access is always safe. A secure, encrypted connection is a barrier for any attackers before they can go through a firewall. An alternative solution could be to use a cloud-connected IP security camera. In this type of locally connected system, rather than relying on a password to gain access to the firewall of a camera system, cloud-connected IP security cameras will communicate with a secured cloud-based server over an encrypted connection. Users can gain access by linking up their devices with those servers. Cloud-connected devices have the added advantage of continuous monitoring over locally connected systems. 3.
Using a unique, lengthy and unpredictable password for each camera is a good starting point. This is especially critical for a port forwarding system. However, if a system employs VPN, having a single secured password for all connected cameras is enough. As a rule, changing passwords every 90 days is recommended.

4.
Priority should be given to provide cybersecurity training to all employees who may have access to a central video surveillance system and all personnel must be made aware of cyber security guidelines.

5.
In case of security breaches, a cybersecurity incident response team can be constituted to respond to such emergencies.

6.
All latest software/firmware updates must be promptly applied as and when they are released by the manufacturers. 7.
If a cloud-based system is deployed, only authentic verified vendors should be chosen. 8.
One must be aware of all the latest cyber security standards being adopted as well as study all recent attacks to gain a better understanding of new techniques employed by attackers.

Review and Analysis of Existing VSS Frameworks
Yalon, the director of security research at Checkmarx [48] has explained a critical Android vulnerability CVE-2019-2234: the attacker can access the camera peripheral of popular smartphone devices such as Samsung and Google. The attacker can exploit this vulnerability and can access the victim's location, take photos of them and their surroundings, and record audio and video without the user's knowledge or consent. Additionally, the attacker can access the memory of the phone even when it is locked, the mobile screen is turned off or when the user is using another app such as call or browsing.
Subramanian et al. [49] demonstrate the two methods to hack into a camera application and take photos of the users without their consent. These malicious applications use background services and are able to capture the images and store them temporarily on the device using standard compression techniques.
Sanjana Prasad et al. [50] present a smart optimized surveillance system integrated with a smartphone or laptop using Raspberry Pi and a PIR sensor. The paper used an algorithm named ViBE (Visual Background Extractor) for detecting unwanted movement. The system transmits the video stream to smartphones or laptops for monitoring. They used a blowfish encryption and decryption algorithm to provide security for the transmission of video files between the source and destination.
Deypir et al. [51] studied the concept of criticality in Android permissions by analyzing the exploitation of permissions by known malware applications and their legal usage by useful applications. To measure the security risks of those malware applications, a new security model is proposed based on this analysis and the definition of large numbers of malware and benign apps. Computed risk values are most affected by the informative permissions and in turn, it gives rise to more security concerns. Two new datasets have been constructed from malicious and non-malicious Android apps and were analyzed against existing datasets to evaluate the proposed criterion. Usage pattern permissions of Android apps are changed over time to analyze the performances. A new risk measurement named "entropy-based risk score (ERS)" is introduced where entropy values are calculated from user applications based on the definition. As the security risk of giving permission is obtained, which can be similarly computed for Android calling as a security risk of giving permission.
Anagnostopoulos et al. [52] present the architecture of two different methods of DDoS attacks that can be carried out by botnets. The first method is completely based on a mobile botnet which takes advantage of the open Wi-Fi networks and a loophole in the mobile security which cannot blacklist the IP address which is frequently changing in the case of mobile devices. The second scenario consists of both mobile and PC, where a PC acts as a bot and acts as a proxy machine only because it has high computational ability compared to a smartphone. In both the methods and architecture, where the user presents the analysis of DNS amplification and/or TCP flooding how the proxy is initialized, mitigation, recovered and used to attack, Kambourakis et al. [53] explain the basic idea of Mirai's bot attack and the steps for executing the attack. An overview of its variants such as BrickerBot and Hajime botnet are presented.
Wu et al. [54] focused on security issues of frames captured by the surveillance camera by applying a background bootstrapping method, which eliminates background motion and allows for the precise estimation of salient motion. Salient motion estimation features can be measured by computing the block-level changes in current and reference frames. This motion estimation algorithm can detect even small background changes by using image-based temporal gradients for salient motion. VSSs capture videos in the combination of Red, Green, and Blue (RBG) format using pixel sensors with a high resolution and frequency. The author proposed a randomized capturing approach, which makes it impossible for attackers to extract original information data from the encoded frames. This denies information required by the attackers for building a crypto-analysis model. This algorithm is secure as an attacker obtains any meaningful information from the encoded image. The bootstrapping method reduces the bandwidth, transmission and storage cost as well as gives ample time for the security analysts to detect any suspicious activity.
Jeong et al. [55] have introduced a deep learning model to measure the classification accuracy of inserted malicious data as well as the side-channel attacks performed in a video surveillance system. An autoencoder and image-specific convolutional neural network (CNN) classification models were used, which are not limited to image datasets. NSL-KDD and an image dataset are first constructed in an adversarial sample with MNIST with a dataset that is first constructed. The samples were created using the "Jacobian-based saliency map attack (JSMA) method and the Fast Gradient Sign Method (FGSM)", in which autoencoder validation experiments and CNN-based classification models were created using the Tensor Flow and PyTorch libraries, to assess the risks of adversarial attacks. A predefined set of images is trained using the CNN algorithm and JSMA/FGSM is applied to extract the image dataset to determine side-channel attacks and image content alteration.
Rafik Hamza et al. [56] proposed a secure surveillance framework based on IoT systems by video streaming integration and the encryption of image algorithms. A highly efficient video encoding scheme is used to extract information from the frames using visual sensors to reduce redundant video processing. When an informative event is identified from key frames, a warning should be issued to concerned authorities autonomously. Event identification-based decision depends on the encoded key frames, but if modification occurs due to attacks during transmission, it can result in severe data losses. To overcome this issue, the author proposed a high speed and lightweight crypto algorithm for key frame encryption before transmission, which modifies the originality of key frames to break attacks, which in turn makes this highly suitable IoT-based systems. Table 4 summarizes the existing methods optimizing the video stream with multiple nodes in the network architecture and methods used for securing VSS. Details such as methodology, issues addressed, advantages and disadvantages of each method are tabulated. Table 4. Summary of literature review on VSS security and optimization methods.

Author(s) Methodology Issues Addressed Advantages Disadvantages
Wu et al. [54] The background bootstrapping method is applied, which eliminates background motion and the need to precisely estimate the salient motion.

Visual attack
Proposed a randomized capturing approach, which makes it impossible for attackers to extract informative data or original data from the decoded frames.
Deals with large amount of surveillance data to decide about abnormal and suspicious activity detection.
Jeong et al. [55] The adversarial attack method is used for finding vulnerability by employing a deep learning library for multimedia VSS.

Visual layer attack
The proposed experimental method measures the detected accuracy of the model and verifies the effect of adversarial samples.
Both the models used have a significant reduction in classification accuracy by using adversarial samples.

Author(s) Methodology Issues Addressed Advantages Disadvantages
Rafik Hamza et al. [56] Proposed a secured surveillance framework based on the Internet of Things (IoT) system with intelligent integration of video summarization using key frames extraction algorithm and image encryption algorithm.

Visual attack
High speed and lightweight probabilistic key frames encryption algorithm is proposed for encrypting the key frames before they are transmitted about an event alert.
The final decision is based on event identification of encoded key frames.
Hossain et al. [57] Summarizes several distinct issues of a cloud-based multimedia surveillance system and discusses the different design choices.
DoS attack and covert channel attacks Presents significant issues related to cloud deployment architecture, media acquisition strategy, cloud storage, media processing, resource allocation, notification and sharing, big data analytics, security and privacy, and cloud-based system performance.
The device should be authenticated to each other before data transfer takes place.
Lubica et al. [58] Analysis of the dictionary-based techniques for selecting the PIN (personal identification number).

Privilege escalation attack
The technique of the mitigated dictionary is useful for the selection of a secured PIN which is not prone to guessing attacks.
Application only works if a uniform PIN word is selected.
Alsmirat et al. [59] Provides an end-to-end security framework for a cloud-based video surveillance system supported by a Mobile Edge Computing (MEC) server.

Visual layer attack
The proposed cloud-based VSS supports large number of cameras. An end-to-end security framework provides mutual authentication, data integrity as well as confidentiality and key management.
Key exchange is the major problem in proposed method.
Xu et al. [60] A new model named video structural description (VSD) carries out the parsing of video content into text information by segmenting spatial and temporal data, selecting features, recognizing objects based on a semantic model.

Covert channel attack
Embedding video content into the text information reduces redundant frames processing.
The proposed approach is not tested with the attack model to check side-channel attacks.
Rahman et al. [61] Sensitive data generated from visual sensors is secured by designing a system which identifies various privacy leakage channels in the distributed VSS.

Covert channel attack
Privacy-related problems of the leakage channels are mitigated at different levels.
When a secured privacy vault (obtained from distributed visual sensors) is stolen, information may be compromised.
Gaj et al. [62] Geometric attacks are countered by using a compressed domain video watermarking scheme which embeds the watermark in the homogeneously moving object of a video sequence.

Visual layer attack
It can resist an RST (rotation, scaling and translation) attack without sacrificing the visual quality.
Not applicable for non-stationary backgrounds.

Author(s) Methodology Issues Addressed Advantages Disadvantages
Fadl et al. [63] A new duplication detection algorithm is employed based on the standard deviation of residual inter frames.
Visual layer attack/ steganography attack It is relatively effective in identifying inter-frame duplication forgery within an acceptable time.
It detects attacks in residual frames and is not possible for all types of intra-frame.
Lee et al. [64] Blockchain technology is used to securely synchronize the CCTV video using the Secure Merkle-Tree method in all the authorized nodes of the system.

Malware attack
It enables deduplication to reduce storage costs. Additionally, the proposed method can synchronize CCTV video data safely without exposing the privacy of the object in the course of synchronization It can have privacy violation due to the leakage of personal information from an object in a video, which may cause serious social issues.
Fitwi et al. [65] The Lib-Pri system uses the blockchain technique for integrity checking, blurring mechanisms, and video access permissions.

Visual layer modification
Privacy-sensitive objects are detected and masked or blurred in the block chain network. Access permission for users is mentioned in a smart contract document. It ensures the regeneration of a masked image in an isolation storage if required for legal purposes.
The Lib-Pri system accuracy is crucial and applying a reversible mask to preserve privacy is an issue of concern.

Conclusions
In this paper, we have systematically presented various types of attacks on camerabased surveillance systems along with the prevention measures. The current developments of authentication methods to overcome the different attacks are outlined. Most of the methods reviewed attempted to provide security and methods of handling the video stream in video surveillance systems and smartphones. Existing security methods such as firewall, access control, and IDSs/IPS available for general network security may not be fully suitable for these environments. To mitigate the vulnerabilities and attacks, up-todate security measures, tools and techniques are required. In the future, a comprehensive design will be proposed to mitigate the majority of the identified attacks in the video surveillance systems.

Conflicts of Interest:
The authors declare that they have no conflicts of interest to report with respect to this paper.