Outdated firmware could be putting IP camera security at risk


Tuesday, 10 December, 2019

Outdated firmware could be putting IP camera security at risk

Outdated firmware could be putting security cameras at increased risk of cyber attack, according to new research.

The study — conducted by Genetec — looked at cyber defences in over 44,000 cameras connected to systems that are part of the company’s opt-in product improvement program.

Of cameras sampled, almost seven in 10 were running out-of-date firmware, Genetec said, leaving them without the latest features and, more importantly, the latest cyber protection.

“Our primary research data points to the fact that more than half of the cameras with out-of-date firmware (53.9%) contain known cybersecurity vulnerabilities. By extrapolating this to an average security network, nearly four out of every 10 cameras are vulnerable to a cyber attack,” Genetec Lead Security Architect Mathieu Chevalier said.

Genetec also found that nearly one in four organisations relied on a single password for all cameras from the same manufacturer, giving hackers easy access into the network once only one camera has been compromised, the company said.

Until recently, Internet Protocol (IP) cameras came with default security settings, including admin login information that is often publicly available on manufacturers’ websites, Genetec said. While most camera manufacturers now request users set up a new password and admin credentials at installation, businesses, cities and government organisations with older equipment may not have updated their passwords, potentially compromising other critical data and systems in their network.

“Unfortunately, our research shows that the ‘set it and forget it’ mentality remains prevalent putting an entire organisation’s security and people’s privacy at risk. All it takes is one camera with obsolete firmware or a default password to create a foothold for an attacker to compromise the whole network,” Chevalier said.

“It is critical that organisations should be as proactive in the update of their physical security systems as they are in updating their IT networks,” he concluded.

Image credit: ©stock.adobe.com/au/Goodpics

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd