With news hitting the headlines that a Russian website is offering the ability to view images from network cameras such as webcams, baby monitors and some CCTV cameras, the Chair of the British Security Industry Association (BSIA) has warned that the use of unsecured systems is a real threat. Plus the increased use of webcams for security purposes is not a good idea.
Pauline Norstrom, chief operating officer of surveillance technology solution company AD Group and the current chair of the BSIA said:
“The issue of companies being vulnerable to having their cameras networks hacked is nothing new. We find that about half of the companies and organisations we talk to, large and small, don’t have adequate precautions. Sometimes it is a lack of awareness or simply a sloppy approach towards the security of their networks. Yet the results of being hacked can be catastrophic.
“In the case of an organisation that was responsible for five schools, we found that two schools had cameras that could easily be accessed by outsiders. The potential results if unscrupulous intruders had exploited this vulnerability would have been extremely serious. Yet, such risks can be eliminated with quite straightforward security actions.
“With so many media stories about hacking such as the News International debacle, it should be a top priority to ensure that networks are protected. The hacking of cameras has a wider implication as it can lead onto phone lines, web servers and in turn access to personal and transactional data. It all adds up to organisations not taking elementary and straightforward security precautions.
“Installers need to guide their clients as many companies do not consider the issues and implications. The technology is there to prevent hacking. It is not overly complex to ensure networks are protected. Yet, the issue remains and we have not seen it diminish over the years.
Pauline goes on to reveal that as webcam technology is creeping into the security industry this move has made business more vulnerable to breaches in security:
“If businesses demonstrate awareness, action and vigilance, they will go a long way to being secure,” she says. “Closed IPTV solutions ensure your IP video systems are completely protected from malicious threats – and still be able to access the system from the corporate network without creating any vulnerabilities as a result.”
The problem is occurring due to the fact that installers are not changing the passwords and ID names of cameras when putting them onto a network. In the same way that the telephone hacking was carried out by some media outlets, the Russian website gives the default details of some of the widely available cameras (such as ID: Admin, PIN: 0000) to give access to unsecured systems. It is vital that installers change these codes and, if possible, use a secured network.
Owners of the site have said that they only created the site to show the vulnerabilities of cameras and will now take the pages down.
In the November and December editions of PSI we have discussed with a number of industry experts the security of using remotely monitored network systems, IP camera vulnerability and the reasons why default passwords are putting businesses at risk.