by More than 3.5 million products made in China IP cameras are only protected by a provider’s default the passwordor completely lacking in protection, putting users at risk of eavesdropping, experts have warned.
New research from CyberNews (opens in a new tab) found over 458,000 devices protected only by working default credentials in the US alone, alongside almost 250,000 in the UK, with countries including Mexico, China, Republic of Korea , with India, Brazil and Russia also on the list.
At least 21,000 cameras worldwide have no authentication, raising questions about invasions of Privacyand the impact of IP cameras on the global rise in cyber war.
Security Camera Passwords
All devices connected to the Internet are at risk of being accessed by unknown and potentially malicious third parties. In the case of security cameras, threat actors can access the live stream, record sensitive personal data, and use the camera as a vulnerable element. period on a network.
Researchers for CyberNews are concerned that all of the camera brands he encountered in his analysis have products in circulation that are allowed to operate without changing the default password, or without a password at all. These include Hikvision, HIPCam, Cisco, Toshiba and Linksys.
It’s not all bad news, however. The latest products from the most popular camera manufacturers are programmed, either by model or firmware version, to require users to set a password, or produce a random one.
96.4% of cameras CyberNews reviewed belonged to these brands, but it should be stressed that this does not mean that 96% of the connected cameras have increased protection.
Hardware devices often age, are deprecated by the manufacturer, and become ineligible for firmware updates, which can also push security patches. The vast majority of connected IP cameras will not be the latest models enforcing, or at least recommending, sound password security practices.
Where we are now is certainly an improvement over the results of CyberNews‘ research on this same topic last year, which found that only 5.3% of cameras mandated setting a password.
The world is turning to cyber warfare following the Russian-Ukrainian conflict and China’s growing reputation as a provider of surveillance services, with Ransomware and DDoS attacks become particularly common.
With that, there are growing fears about how devices from popular IP camera brands, such as China’s Hikvision, could be used by state-sponsored threat actors.
CyberNews reported that, until at least December 2022, Hikvision advertised “demographic profiling facial analysis algorithms” as part of its products on the company’s website, but after investigation (opens in a new tab) by The Guardianads have been removed.
Some Western democracies have weathered the growing influence of foreign surveillance technologies better than others in recent years.
In July 2019, then British Prime Minister Theresa May moved back (opens in a new tab) of its plan to allow Chinese company Huawei to help develop the country’s 5G infrastructure following US pressure. And in September 2020, The Guardian reported (opens in a new tab)that Hikvision cameras, blacklisted in the US, have been installed in UK leisure centers and, alarmingly, in school toilets.
However, things are moving in the right direction.
In November 2022, the UK banned (opens in a new tab) Chinese surveillance equipment of “sensitive” government sites, while the US Federal Communications Commission (FCC) adopted rules (opens in a new tab) prevent “communications equipment deemed to pose an unacceptable risk to national security” from being imported or sold in the country.
