Most CCTV Systems Come With Trivial Exploits
An anonymous reader writes "The use of CCTV cameras for physical surveillance of all kinds of environments has become so pervasive that most of us don't give the devices a second thought anymore. But, those individuals and organizations who actually use and control them should be aware that most of them come with default settings that make them vulnerable to outside attacks. According to Gotham Digital Science researcher Justin Cacak, standalone CCTV video surveillance systems by MicroDigital, HIVISION, CTRing, and many other rebranded devices are not only shipped with remote access enabled by default, but also with preconfigured default accounts and passwords that are banal and easy to guess."
Also in the news (Score:4, Insightful)
Re:so? (Score:4, Insightful)
I wish I didn't knee-jerk my reply... Your point is exactly what I'm thinking.
Umm... Yea. I heard that corporate routers and switches come with really weak default protection! Your server will let anyone fire it up and log in out of the box!
The horrors... This story is a non-story. If you go buy hardware for some purpose, make sure you configure it. If the story said most CCTV configurations have backdoors, or are easily exploitable even after prescribed lockdown, then we'd have something to work with.
What does CC mean? (Score:5, Insightful)
Re:Are we surprised? (Score:5, Insightful)
The professionals, with a legacy in CCTV-as-in-actual-closed-circuit-running-on-private-coax, probably have an attitude much as you describe. The classic CCTV systems were dumb as bricks (not that their designers necessarily were, making largely analog, reasonably high bandwidth systems actually work in practice isn't trivial); but that lack of sophistication served as a strong defense against anybody without a physical tap shoved right into the coax. You just don't develop a very strong culture of caring about remote exploits if your engineering history is almost entirely concerned with systems that are incapable of remote anything, whether you like it or not.
Then you have the upstarts (either new companies, or rebadged ODM crap sold by existing ones), who design CCTV systems on the premise that a CCTV camera is basically just an embedded Linux board with a camera interface, and a record/playback system is basically just an x86 with some sort of h264 hardware and a lousy frontend. These assumptions are not false, and advances in silicon sensors and cheap embedded computers definitely mean that the price is right; but the standards of security excellence in low-cost embedded gear are absolutely fucking dire... These guys should know better, since their designs are 100% post-ubiquitous-networking in concept; but they just don't get paid enough, or enjoy long enough development cycles, to give a damn.
Re:Also in the news (Score:2, Insightful)
Most routers/web tv boxes/digital photo frames/wifi dildos come with trivial exploits. People sell things configured to work "out of the box".
Not Wifi dildos...
Re:This again? (Score:4, Insightful)