Update January 4, 2023: Removed reference to Linksys as a leading brand of webcams, as reported by home connectivity provider TechRadar Pro that there are currently no IP camera products for sale.
Over 3.5 million active made in China IP cameras they are only protected by default by the provider passwordor no protection at all, leaving users vulnerable to snooping, experts warn.
New research from CyberMessaging (opens in a new tab) detected over 458,000 devices protected with only default credentials operating in the US alone, alongside nearly 250,000 in the UK, and countries such as Mexico, China, Republic of Korea, India, Brazil and Russia are also on the list.
At least 21,000 cameras worldwide lack any authentication, raising questions about invasions Privacyand the impact of IP cameras on global growth cyberwar.
Security camera passwords
All devices connected to the Internet are at risk of being accessed by unknown and potentially malicious third parties. With security cameras, cybercriminals can access live streams, record sensitive personal information and use the camera as a vulnerable person end point on the Web.
Researchers CyberMessaging are concerned that all the camera brands she encountered in her analysis have products in circulation that can work without or without changing the default password. Such brands include Hikvision, HIPCam, Cisco and Toshiba.
But that’s not all bad news. The latest products from the most popular camera manufacturers are programmed, by model or firmware version, to force users to set a password or generate only random.
96.4% of cameras CyberMessaging surveyed belonged to these brands, but it is worth noting that this does not mean that 96% of connected cameras benefit from increased protection.
Hardware devices often age, are amortized by the manufacturer, and are not eligible for firmware updates, which may also introduce security fixes. The vast majority of connected IP cameras will not be the latest models that mandate or at least recommend healthy password security practices.
Where we are now is certainly an improvement with the results CyberMessaging‘ a study on the same topic last year found that only 5.3% of cameras required a password.
The world is leaning towards cyber warfare in the aftermath of the Russia-Ukraine conflict and China’s growing reputation as a provider of surveillance systems, with ransomware and DDoS attacks become especially common.
As a result, there are growing concerns about how the devices of popular brands of IP cameras, such as China’s Hikvision, could be used by state-sponsored cybercriminals.
CyberMessaging reported that until at least December 2022, Hikvision advertised “demographic profiling facial analysis algorithms” as part of its products on the company’s website, but after investigation (opens in a new tab) by Guardianads have been removed.
In recent years, some Western democracies have resisted the growing influence of foreign surveillance technology better than others.
In July 2019, then British Prime Minister Theresa May withdrew (opens in a new tab) from her plan to allow the Chinese company Huawei to help develop the country’s 5G infrastructure under US pressure. And in September 2020 Guardian reported (opens in a new tab)that Hikvision cameras, blacklisted in the US, have been installed in UK entertainment centers and, alarmingly, in school restrooms.
However, things are moving in the right direction.
In November 2022, Great Britain Prohibited (opens in a new tab) Chinese surveillance equipment from ‘sensitive’ government facilities while US Federal Communications Commission (FCC) adopted rules (opens in a new tab) preventing the import or sale domestically of “communications equipment deemed to pose an unacceptable threat to national security.”