So I recently discovered the outside contractor who installs and manages our security cameras and alarm systems has been reusing the same username "admin" and the same password on all of his NVR/DVR systems across all of his clients for years now. We have 7 NVR systems with him. Typically Dahua units and cams. Is this as bad as I think it is?
Security camera installer reuses passwords
- Thread starter techguy505
- Start date
Definitely not good.....although it could be worse if you find out even more similar no-no's......
Techguy, why don't you change the passwords?
I just figured out it was happening. The contracter and I are having an unrelated dispute and I came to the realization while reviewing past conversations. He'll likely be removed and upper management has been made aware of it but my hands are currently tied.
He did that because he is lazy. He does not need to keep track of different credentials for each installation. This goes against the first rule of cyber security that has been told to everyone for decades.
This is almost like installing a back door. He or anyone working for him can access your system without your consent. This also means that any of his other clients can know your password to your system, and anyone that those clients share the password with can know your password also.
This is almost like installing a back door. He or anyone working for him can access your system without your consent. This also means that any of his other clients can know your password to your system, and anyone that those clients share the password with can know your password also.
I would expect the user to change the passwords after the installation. One of the first things I did moving into the current house was re-key the locks because I knew at least the builder could get in.
alastairstevenson
Staff member
Yes, because you should be changing and recording and protecting the passwords to your organisation's own standards after the system has been installed and tested and accepted from the installer.
Unfortunately the installer also "manages" the cameras and the security systems.
Knowing that might move me into the "lazy installer" camp.
What is a security system when everyone knows the password? Right now you do not have one.
IMHO, these are not "security systems", they are more accurately called "surveillance camera systems". 
He "manages" our security systems as in alarm panels as well.IMHO, these are not "security systems", they are "surveillance camera systems".
What is worse, is that the installer, that is Pissed Off at you, has access to your system. That would be my first thing to correct.
Yeah I'm hoping to have him removed next week. We're going to review his contracts but given that reusing passwords to the degree he has it wont he hard to claim negligence.
If you can't remove him, then change the passwords and when he needs to "manage" the system, have someone enter the password without him seeing it. But if the management is remote, that will not work.
I suggest that you change the passwords BEFORE you have him removed!
That's my plan. I could set them back up anyway but would prefer not to spend a day doing it. I have to check his configuration over anyway though.