By DAVE HOOK.
This is a quick warning concerning CCTV systems. If you continue to use the default username and password for your Internet-based, remote-viewing-enabled CCTV cameras, you may have already been hacked, according to Wired Magazine’s Kim Zetter.
Knowing a legitimate username and password pair is the basis for a soft attack against information systems. That is, a means of breaking into a computer system using someone else’s legitimate credentials. Continuing to use default log-in codes can set up the security or administrative staff to be unfairly accused of information theft.
If you, your company, or your airport makes use of CCTV systems for safety or security, make sure that the default log-in information is not still being used. You can check to see if the username and password are the defaults by going to the manufacturer’s operating manual.
Even if they are not, ask yourself if the person who installed the system is still with — and bonded by — the same company. If they are not and they established the username and password that is currently being used, it’s probably a good idea to change the password.
I’ve heard some security system installers suggest to airport managers that they shouldn’t change the log-in information, even when the manufacturer’s operating manual recommends that they do so shortly after installation and testing. The common reason given is so that vendors can quickly gain system access in the event that they need to make a system repair.
My question is simply this, “Did you buy the security equipment for the security of your airport and its assets or for the convenience of access for the security equipment vendor?”
If you can view your CCTV cameras remotely from a hand-held or other device, your system is likely vulnerable to a default credential attack. Caveat emptor!
Fly safe and be secure!