The article describes a vulnerability in TRENDnet IP cameras that allows anyone with network access to the camera to view the images from the camera. While this vulnerability may be limited to a number of cameras from a single vendor (at least 7, according to the original Console Cowboys blog post which is the basis for this article), it is extremely likely that there are similar vulnerabilities in other cameras out there.
Now we have all seen the Hollywood burglars (both good guys and bad) who break into a secure facility by substituting a loop of unchanging video from a camera to hide their activities from the security guards watching the video displays. If we think about what the Stuxnet authors did to PLC programming to hide changes in the operation of the PLC and combine that with this type of camera vulnerability, then the Hollywood plot line becomes much more plausible.
If there are vulnerabilities this easy to detect and exploit in cameras, what other vulnerabilities exist in other components of these security control systems? Maybe we need a video security system cyber emergency response team (VSS-CERT) at DHS to keep track of these vulnerabilities and help security managers deal with compromises of their VSS. Or maybe we just need to bite the bullet and form the SS-CERT (SS for security system, not the other thing) to cover the complete security system with all of its supporting devices and software.