People, businesses, and communities rely on cameras to increase safety and deter threats, but many would be surprised to learn that these network-connected cameras could be leaving them exposed to vulnerabilities.
In a recent report, Protection1 estimated that there are between 5.42 and 7.79 unsecured cameras per 100,000 people in Montana, District of Columbia and in the State of North Dakota alone. (See the full report for the top states and cities within unsecured cameras in the United States).
The same report concluded that 42% of cameras come from public spaces, 27% of unsecured cameras broadcast from businesses and retailers, and another 15% came from the homes of Americans.
Keeping default passwords can put your organization at risk
As scary as these statistics might seem, the owners of these cameras left themselves and their businesses vulnerable to prying eyes by avoiding one simple step: changing the default password on the camera.
Most cameras come with default manufacturer passwords, which become commonly known. If you connect them to the internet without changing the password, you could become exposed. When installing and configuring the cameras, it’s important to change the default password to something secure.
Depending on the manufacturer, some setup wizards will prompt you to change the password, but others will give you the option to skip this step entirely. Therefore, it becomes your responsibility to configure strong passwords and update them regularly.
Securing your data and video shouldn’t stop there. While changing the password is a simple way to make sure your cameras don’t become accessible by common viewing sites such as insecam.org, you still might be susceptible to unwarranted intrusion.
In 2016, thousands of CCTV devices were hacked and became part of a botnet which caused massive denial-of-service (DDoS) attacks against a critical part of the infrastructure of the internet causing major internet platforms and services to become unavailable. This was the act of the Mirai Botnet and its method of infection was simply to try 60 common factory default usernames and passwords.
Download hardening guides to reinforce logical security
Leading device manufacturers such as Axis Communications and Bosch Security take device security very seriously and offer clients hardening guides that outline best practices for securing cameras. In the hardening guides below, simple steps can be followed to handle anything from resetting root passwords, adjusting network settings to filtering IP addresses and more.
At Genetec, we also offer our customers a hardening guide with basic and advanced-level security features that can be configured to help reinforce your logical security. If you’re interested in learning about other aspects which can help you secure your IP security system, including communications, servers, and data, read the Security-of-Security blog series: