Outdated firmware could be putting IP camera security at risk

Tuesday, 10 December, 2019

Outdated firmware could be putting security cameras at increased risk of cyber attack, according to new research.

The study — conducted by Genetec — looked at cyber defences in over 44,000 cameras connected to systems that are part of the company’s opt-in product improvement program.

Of cameras sampled, almost seven in 10 were running out-of-date firmware, Genetec said, leaving them without the latest features and, more importantly, the latest cyber protection.

“Our primary research data points to the fact that more than half of the cameras with out-of-date firmware (53.9%) contain known cybersecurity vulnerabilities. By extrapolating this to an average security network, nearly four out of every 10 cameras are vulnerable to a cyber attack,” Genetec Lead Security Architect Mathieu Chevalier said.

Genetec also found that nearly one in four organisations relied on a single password for all cameras from the same manufacturer, giving hackers easy access into the network once only one camera has been compromised, the company said.

Until recently, Internet Protocol (IP) cameras came with default security settings, including admin login information that is often publicly available on manufacturers’ websites, Genetec said. While most camera manufacturers now request users set up a new password and admin credentials at installation, businesses, cities and government organisations with older equipment may not have updated their passwords, potentially compromising other critical data and systems in their network.

“Unfortunately, our research shows that the ‘set it and forget it’ mentality remains prevalent putting an entire organisation’s security and people’s privacy at risk. All it takes is one camera with obsolete firmware or a default password to create a foothold for an attacker to compromise the whole network,” Chevalier said.

“It is critical that organisations should be as proactive in the update of their physical security systems as they are in updating their IT networks,” he concluded.

Image credit: ©stock.adobe.com/au/Goodpics