Nearly 4 in 10 cameras at cyber-risk

New Genetec research shows most firmware is out of date
 - 
Wednesday, December 11, 2019

MONTRÉAL— As many as 68.4 percent ­— or almost 7 out of 10 — cameras are currently running out-of-date firmware, according to a new report by Genetec.

The research, conducted on a sample of 44,763 cameras connected to systems that are part of the Genetec opt-in product improvement program, found that outdated camera firmware, and failing to change default passwords present some of the biggest weaknesses in cybersecurity defense.

“Our primary research data points to the fact that more than half of the cameras with out-of-date firmware (53.9 percent) contain known cybersecurity vulnerabilities,” Mathieu Chevalier, Genetec’s lead security architect said about the new research. “By extrapolating this to an average security network, nearly 4 out of every 10 cameras are vulnerable to a cyber-attack.”

The research also showed that nearly 1 in 4 organizations (23) fail to use unique passwords, relying instead on the same password across all cameras from the same manufacturer, leaving an easy point of entry for hackers once only one camera has been compromised.

Genetec pointed out that, until recently, IP cameras came with default security settings, including admin login information that is often publicly available on the manufacturers’ websites. While most camera manufacturers now request users to set up a new password and admin credentials at installation, the study found that businesses, cities and government organizations with older equipment never updated their passwords, potentially compromising the other critical data and systems that reside on their network.

“Unfortunately, our research shows that the “set it and forget it” mentality remains prevalent putting an entire organization’s security and people’s privacy at risk. All it takes is one camera with obsolete firmware or a default password to create a foothold for an attacker to compromise the whole network,” added Chevalier. “It is critical that organizations should be as proactive in the update of their physical security systems as they are in updating their IT networks.”