Report: Majority of surveillance cameras running out of date firmware

Dec. 5, 2019
New research from Genetec finds that almost 1 in 4 organizations still use default camera passwords

According to new research conducted by VMS provider Genetec, many organizations continue to fall short in using good cyber-hygiene practices when it comes to protecting network surveillance deployments.

In fact, the company found that more than 68% of cameras are currently running out of date firmware. In addition, nearly one in four organizations (23%) still fail to use unique passwords and continue to leverage the same password across all cameras from the same manufacturer.

“Our primary research data points to the fact that more than half of the cameras with out-of-date firmware (53.9%) contain known cybersecurity vulnerabilities. By extrapolating this to an average security network, nearly 4 out of every 10 cameras are vulnerable to a cyber-attack,” Mathieu Chevalier, Lead Security Architect at Genetec, said in a statement.

Until recently, IP cameras came with default security settings, including admin login information that is often publicly available on the manufacturers’ websites. While most camera manufacturers now request users to set up a new password and admin credentials at installation, businesses, cities and government organizations with older equipment never updated their passwords, potentially compromising the other critical data and systems that reside on their network.

“Unfortunately, our research shows that the “set it and forget it” mentality remains prevalent putting an entire organization’s security and people’s privacy at risk. All it takes is one camera with obsolete firmware or a default password to create a foothold for an attacker to compromise the whole network,” added Chevalier. “It is critical that organizations should be as proactive in the update of their physical security systems as they are in updating their IT networks.”

Sponsored Recommendations

Trend Micro commits to U.S. cyber protection by joining Hacking Policy Council

Trend brings formidable experience in this space through its Zero Day Initiative (ZDI), a vendor-agnostic bug bounty program, and a leading voice in ethical disclosure practices...

Keeper Security shares most important files to preserve when disaster strikes

By protecting these documents and storing them in a safe place, such as a digital vault, you'll be much more prepared when disaster strikes.

Former National Cyber Director Chris Inglis joins Semperis’ Strategic Advisory Board

Inglis’ appointment follows announcements from Semperis of aggressive expansion into the public sector and other strategic advisory board appointments, such as the addition of...

NordVPN survey: Americans scored 64% in the National Privacy Test

Results show that the world's online privacy and cybersecurity awareness is declining every year.