Security camera installer reuses passwords

[mat200]

Blast company name here and on BBB and FB.

That sounds like the trunk slammer and has exposed many companies to vulnerability.

Sounds like lazy it tech ..

 

[CCTVCam]

Must admit I'm guilty of using admin on my cameras albeit with my own password. Then again I feel relatively secure as they're sat behind a modem firewall and a second router firewall neither of which are admin and both of which have secure passwords. So it would take bypassing 2 firewalls to reach my network.

 

[wittaj]

Must admit I'm guilty of using admin on my cameras albeit with my own password. Then again I feel relatively secure as they're sat behind a modem firewall and a second router firewall neither of which are admin and both of which have secure passwords. So it would take bypassing 2 firewalls to reach my network.

There is a bit of a difference between you as a homeowner using the same user and password for all your cameras versus a company setting up a system for other businesses and using the same user/pw for every customer.

This dude probably sets it up as port forwards as well and thus allows a lot easier access for someone with his client list to be able to hack other people's systems.

 

[mat200]

There is a bit of a difference between you as a homeowner using the same user and password for all your cameras versus a company setting up a system for other businesses and using the same user/pw for every customer.

This dude probably sets it up as port forwards as well and thus allows a lot easier access for someone with his client list to be able to hack other people's systems.

100% need to check network logs and activities. Basically info sec requirements need to pay attention to contractors and employees .. can be a real pain for many who want easy to get work done instead better secure way.

 

[CCTVCam]

There is a bit of a difference between you as a homeowner using the same user and password for all your cameras versus a company setting up a system for other businesses and using the same user/pw for every customer.

This dude probably sets it up as port forwards as well and thus allows a lot easier access for someone with his client list to be able to hack other people's systems.

Yeah mine aren't the same passwords and I have VPN turned on in my router so no inbound connections are accepted unless sporting the right credentials.

 

[c hris527]

Must admit I'm guilty of using admin on my cameras albeit with my own password. Then again I feel relatively secure as they're sat behind a modem firewall and a second router firewall neither of which are admin and both of which have secure passwords. So it would take bypassing 2 firewalls to reach my network.

Haha me too, however at the time nobody else had access and they were admin only passwords, I had users setup with different credentials, none of the systems were able to reach the Internet, it was on a closed network. When I left that Job, I'm confident on day 1 they changed all the passwords, I trained a really good tech and per protocol, all passwords need to be changed when a employee or contractor leaves.

 

[tech_junkie]

Is this as bad as I think it is?

I find it worse than you think. As I ran into several security companies doing the same thing over the years. I remember having to talk to one about this and suggested to them password schemes based on their account numbers. At least that would be more distinct from customer to customer instead of having one across a few thousand NVRs and someone out there shares that password. I told them its not like a burglar alarm system that is going to send an alert signal to the monitoring service that someone used the installer's code.