Default Password Palaver

Next story

Further to our blog about a website streaming CCTV cameras that used their default passwords, another site has surfaced that is streaming webcams and CCTV from around the world. Mark James adds to his previous comments and discusses the issues of overseas sites.

In my previous blog post I looked at a website that was, and potentially still is, streaming 73,000 security cameras from around the world. These cameras weren’t hacked, they merely used default passwords.

In much the same way, these webcams haven’t been hacked they are using default passwords or no passwords at all.


“Down to the individual”


I asked Mark James, ESET security specialist, with whom the fault lay?

“At the end of the day it is down to the individual to decide where to place the camera, once placed a decision should be made as to what is made available for online steaming.

“I totally understand why you would want to stream your front drive of even the alleyway providing access to the back of the house but honestly in what situation would you need to stream your children’s bedroom outside of your private residence?

“If you have a cam to keep an eye on your children as they sleep, that’s great, as a technology aware parent I had the same when they were young but I would never allow that feed to be streamed outside of my own private house.”

He also added about the people viewing the content that “As with all internet available content you need to ask your self is it right that I should be viewing this material? Just because it is there does not make it “right” to watch it.”


Reported to the Internet Police


Christopher Graham, UK Information Commissioner, has said he intends to work with Russian authorities to shut down the website, adding that such a website would be illegal in the UK. For Grahams full comments.

I asked Mark whether this highlighted an integral problem with the Internet.

“It’s always the same problem with any service hosted in another country, the rules are governed by the country hosting the server.

“It is and always will be the problem with the internet until changes are made by an organisation with global authority but the chances of that happening are extremely slim.”


Change those Passwords!


Education is the key point here, the end user needs to be fully aware that a default password exists and easy instructions on how to change it.

“The manufacture could make a default password and then force the user to change it on first use to something other than itself, but it may drive the cost of the unit up.

“The point here is not about how hard or long the password is, it’s about NOT using the default password, anything is better than the default password…anything!”

If you would like some advice about making a secure password then check out this blog post.

For the more security conscious who want to add an extra lay of security have a look at this post about 2FA.