Information Commissioner’s IP camera warning doesn’t go far enough

Tom Reeve, editor, SecurityNewsDesk, warns about IP cameras
Editor’s blog: Tom Reeve

The Information Commissioner has reminded the public that default passwords on internet-connect IP cameras must be changed, preferably by creating a strong password, but I fear his warning doesn’t go far enough.

There are other dangers facing your web enabled security devices including:

  • Unpatched vulnerabilities
  • Misconfigured firewalls
  • Failing to switch off remote configuration tools
  • IP cameras not being isolated from the rest of your network

For more information, read our article Your IP cameras: an open door to cyber attack? (first posted three weeks ago but reposted today in light of the news).

It is rather surprising that the Information Commissioner and other watchdogs are only now issuing warnings about the dangers of web cams.

We covered this story a month ago – Private Cookstown CCTV Cameras Hacked – but this issue has been an open secret in both the IT and CCTV communities for years.

The Information Commissioner highlight the activities of a Russian-based website which has posted links to thousands of IP cameras, but there is nothing new about this. There are search engines devoted to finding unprotected IP cameras – all the Russians have done is collected the links to the feeds in one place and packaged some advertising around them.

A quick search online this morning found a dozen websites devoted to web cam feeds.

These sites are taking advantage of people who have failed to change the default password. Some of them claim to be doing this as a public service, to alert the public to the risks. The Information Commissioner has said to them, “Now we all know and please will they take them down”.

But the risks go beyond weak or non-existent passwords.

Some IP cameras have well known vulnerabilities in them which mean that passwords can be extracted from the devices or security can be bypassed altogether.

Recent exploits include Heartbleed which exploits a flaw in OpenSSL and Shellshock which attacks Bash, part of the Unix operating system. Many IP cameras use operating systems built around these components, making them vulnerable to these and other lines of attack.

While companies are generally quick to issue patches, customers are slow to implement them, with some experts estimating that only 2% of cameras have been patched.

The dangers of having your cameras hacked are obvious, but beyond compromising the security of your surveillance system, a hacked camera can also be a gateway to the rest of your corporate network.

You can configure your network to isolate cameras from your business traffic but this requires some specialist skills to set up and maintain, meaning many networks are not protected.

The advice from cyber security experts is don’t expose your cameras to outside networks but if you must, then apply these safeguards:

  • use firewalls with strictly enforced rules
  • turn off remote configuration tools
  • isolate your camera from internal networks so if it gets hacked (assume it will at some point), you won’t expose the rest of your network

Bear in mind that cameras are not the only IP devices so you need to understand what IP devices you have and to what degree they are exposed to external networks.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Defensive AI safeguards against cyber threats

Defense Initiative to enhance global cybersecurity underscores the importance of defending against increasingly sophisticated and pervasive cyber threats…

Bridewell in Microsoft Security Copilot Partner Private Preview

Bridewell today announced its participation in the Microsoft Security Copilot Partner Private Preview. Bridewell was selected based…

Evanssion and ThreatQuotient Join Forces

A renowned cybersecurity and cloud-native security VAD in the Middle East, Evanssion, has just announced a strategic

Most cyber attacks in Middle East involve spyware

Positive Technologies has analysed the attacks carried out on individuals in Middle Eastern countries between 2022…
Neustar

New DNS detection from Neustar

Neustar Security Services, a provider of cloud-based security services that enable global businesses to thrive online, is introducing UltraDDR…
Acronis

Acronis seals partnership with Fulham FC

Acronis, a global cyber protection company, has announced a three-year partnership with London´s oldest professional football club, Fulham FC…
Acronis

Acronis Cyber Foundation celebrates five years

Acronis is proud to celebrate the fifth anniversary of the Acronis Cyber Foundation Programme, a set of philanthropic initiatives designed to engage…
NAKIVO

NAKIVO releases v10.8 with vSphere 8 Support, MSP Console and Hybrid Cloud Backup

NAKIVO Backup & Replication v10.8 marks another major milestone in NAKIVO’s drive toward more reliable data protection for today’s business…
Scroll to Top