Your IP camera is a computer

November 2015 News

It’s a sad fact that in the security industry, cost more often than not clinches the deal. This is not always the case as there are some people out there buying security because they know what they want to get out of it, but in many cases it is still a grudge purchase and the cheapest offer wins – or the guy who knows the guy and/or sweetens the deal, wins.

A couple of decades ago this may have been acceptable, but not today. In a world where everything is connected, you can’t leave vulnerabilities open to exploitation because they will be exploited. Take the example of Hikvision a few months ago when its cameras were used to compromise a network. The issue was publicised and Hikvision’s name was associated with the breach, but in the end it was not the camera manufacturer’s fault.

In this particular instance, the installer hadn’t bothered to change the default password on the IP cameras, allowing hackers to easily access the cameras and then the network. Hikvision has since said it is updating its firmware to ensure that installers have to change the password when installing a camera. Unfortunately this won’t help unless the installer uses a decent password and not “password” for every camera. And that won’t happen unless the customer insists on strong passwords and actually manages the process to ensure it’s done.

Another more recent example comes from Israel where researchers found malware had been installed on a mall’s cameras – again the default passwords were left in place by an irresponsible installer – and the cameras were used to launch a denial of service attack. The attack was launching about 20 000 requests per second from around 900 IP cameras in this particular mall and other cameras around the world – a global CCTV attack. (You can see more at https://www.incapsula.com/blog/cctv-ddos-botnet-back-yard.html, short URL: https://goo.gl/NEh0Kp).

Identity and access

And on the subject of access and identity, our Access & Identity Management Handbook 2016 is being posted at the same time as the November issue, so make sure you get yours. It has 144 pages of information, trends and products to ensure you get a head start on access control in 2016. As always comments are welcome at andrew@technews.co.za

Andrew Seldon

Editor


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

TAPA: The role of an effective treasury function in business risk management
June 2019, Technews Publishing , News
Neil Le Roux, the Founder of Diligent Advisors will speak at the TAPA SA (Transported Asset Protection Association) annual conference on 26 July 2019.

Read more...
Platforms are us
September 2019, Technews Publishing , News
A conversation I had at the recent Residential Estate Security Conference Hi-Tech Security Solutions hosted in August (which will be reviewed in the October issue) got me to thinking about the security ...

Read more...
TAPA conference 2019 explores layered approach to security
September 2019, Technews Publishing, TAPA (Transported Asset Protection Association) , News, Transport (Industry)
The Transported Asset Protection Association (TAPA) held its annual South African conference at Emperors Palace in Johannesburg on 26 July 2019.

Read more...
Hennie Lategan joins Centurion as head of exports
September 2019, Centurion Systems , News, Access Control & Identity Management
Centurion Systems has announced the appointment of Hennie Lategan as the head of the company’s exports department.

Read more...
New Africa sales manager for Axis Communications
September 2019, Axis Communications SA , News, CCTV, Surveillance & Remote Monitoring
Axis Communications has appointed Brendon Hall, previously the founder and MD of Pentagon, as its new sales manager, Africa.

Read more...
Check Point appoints new regional director for Africa
September 2019 , News, Cyber Security
Check Point Software Technologies has appointed Pankaj Bhula as regional director for Africa.

Read more...
ISO standard for protecting personal data
September 2019 , News, Cyber Security
Tackling privacy information management head on: first ISO standard for protecting personal data has been published.

Read more...
Hikvision helps secure African Union Summit
September 2019, Hikvision South Africa , News, CCTV, Surveillance & Remote Monitoring
Hikvision established a complete intelligent video solution to ensure the security of the thirty-third African Union (AU) Summit held on 7 July in Niamey, the capital of Niger.

Read more...
The hunt for the Carbanak group
September 2019 , Editor's Choice, Cyber Security, News
Tomorrow Unlocked has released a free four-part documentary that tells the story of the notorious Carbanak APT group and its $1 billion bank heist.

Read more...
Rockwell Automation a founding member of ISA Global Cybersecurity Alliance
September 2019 , News, Industrial (Industry)
To better secure today’s complex and often vulnerable production operations, the ISA Global Cybersecurity Alliance recently announced Rockwell Automation as a founding member.

Read more...