This is one of the many reasons I automatically turn UPnP off on my home router. If I have a service (and there are many) that needs to be connected to the internet then it's me that specifies the port number. It's not an ideal solution but it at least offers a little protection.
519070 or blank: The PINs that can pwn 80k online security cams
Researchers say up to 80,000 digital video recorders (DVRs) used to record footage from surveillance cameras employ hardcoded passwords - or don't use one at all - opening avenues for attackers to breach home and business networks and compromise privacy. In one examination, at least 46,000 DVRs were found open to remote …
COMMENTS
-
Thursday 18th February 2016 10:23 GMT Anonymous Coward
Re: Too much information?
It doesn't do any harm, since it takes only a few seconds to find out the information from elsewhere on the web.
And being this in-your-face about it may embarrass the manufacturer enough to issue a fix. I wonder how many purchase orders for their products have been cancelled even in the time that it takes to type this.
-
Thursday 18th February 2016 14:36 GMT Pascal Monett
Re: I wonder how many purchase orders for their products have been cancelled
Maybe none. Probably none, even, if the amount of people handing over their privacy to Facebook is any indication.
But seriously, this hack can only take place if the camera is connected to the network. That means all CCTV purchases are not at risk from the Internet. Of course, they are perfectly at risk from physical tampering, but if your threat is already that close, it's not the camera that will deter him.
As for me, I'm done even thinking about buying security cameras until an official rating has been created, implemented and can be verified stating that the hardware is secure and as tamper-proof as possible without any backdoors or root access or hardware-coded passwords.
I'm not holding my breath.
-
Thursday 18th February 2016 20:58 GMT Down not across
Re: I wonder how many purchase orders for their products have been cancelled
"As for me, I'm done even thinking about buying security cameras until an official rating has been created, implemented and can be verified stating that the hardware is secure and as tamper-proof as possible without any backdoors or root access or hardware-coded passwords."
Mine are on a VLAN all by themselves with no route to the internet and only have firewalled, inbound access from select IP addresses and a box running ZoneMinder.
Not perfect, but they're not phoning home nor have access to probe the network.
-
Thursday 18th February 2016 10:57 GMT Anonymous Coward
Re: Too much information?
Yes, because although some devices have been identified as having this security problem, there may be many others.
An example is my Storage Options IP cam. I've checked it and this PIN doesn't work, but if I didn't have the PIN how would I ever know? The article also makes me quite curious about a "root" user, so I've just created one to see if it will allow it, and it does, hopefully indicating there isn't a hidden "root" user, though without picking it apart I wouldn't know. But as it's just a door motion email cam, I'm not really that bothered if someone wants to watch the back of my front door all day.