Outdated camera firmware and failing to change default passwords present some of the biggest weaknesses in cyber security defense. As the number of interconnected security devices keeps on growing, keeping pace with the latest updates can be tricky and very time-consuming. According to new research conducted by Genetec Inc. (“Genetec”), a technology provider of unified security, public safety, operations, and business intelligence, as many as 68.4%¬—or almost 7 out of 10—cameras are currently running out of date firmware.
Installing the latest firmware is not just about accessing exciting new features, warns Genetec. It ensures the latest cyber security protection measures are implemented as soon as they become available, a crucial step in ensuring an organisation’s resilience against cyber-attacks.
Cyber security vulnerabilities
IP cameras came with default security settings, including admin login information that is often publicly available
“Our primary research data points to the fact that more than half of the cameras with out of date firmware (53.9%) contain known cyber security vulnerabilities. By extrapolating this to an average security network, nearly 4 out of every 10 cameras are vulnerable to a cyber-attack,” said Mathieu Chevalier, Lead Security Architect at Genetec.
The research conducted by Genetec also showed that nearly 1 in 4 organisations (23%) fail to use unique passwords, relying instead on the same password across all cameras from the same manufacturer, leaving an easy point of entry for hackers once only one camera has been compromised. Until recently, IP cameras came with default security settings, including admin login information that is often publicly available on the manufacturers’ websites.
Physical security systems
While most camera manufacturers now request users to set up a new password and admin credentials at installation, businesses, cities and government organisations with older equipment never updated their passwords, potentially compromising the other critical data and systems that reside on their network.
“Unfortunately, our research shows that the “set it and forget it” mentality remains prevalent - putting an entire organisation’s security and people’s privacy at risk. All it takes is one camera with obsolete firmware or a default password to create a foothold for an attacker to compromise the whole network,” added Chevalier. “It is critical that organisations should be as proactive in the update of their physical security systems as they are in updating their IT networks.”