If you are still using the default username and password for your CCTV, change it NOW! Change it even before you continue reading the rest of the article!

A news article back in 2014 speak of a website that was broadcasting more than 73,000 CCTV systems worldwide. It is possbible because CCTV owners are using the default login and password. The site seemed dysfunct now, but the danger of negligence still looms this very day.

In fact, it is possible for anyone to seek out any connected device with a few clicks!

Meet Shodan! The world’s first search engine for Internet-connected devices.

Shodan_Search_Results

With a free account, I could search for a particular brand of CCTV system and  the search engine will return a scary lot of information about the CCTV device (DVR, NVR, IP Camera, etc). Information like:

  • The physical location of the device – Country and general location
  • The IP Address and Port number of the device
  • The brand and model number of the device
  • The type of device

So what can someone do with all these information?

With a simple google search, he could find out the default login and password of your brand of equipment. Then, they could get to the login log into your CCTV system as though they are YOU! It’s that easy!

Fear This!

Unless you are comfortable with some (creepy) strangers watching your every move, the thought of it alone would freak most people out.

But that’s not the worst!

Let’s have our imagination run a little wild .. Hollywood-ly wild .. and imagine that your CCTV is being accessed by some crooks. With a full access to your CCTV

  1. They know your location
  2. They can observe where your valuables are
  3. They keep track of times when your premise is the most vulnerable

With all the above, they can easily execute a “Mission Impossible” style break-in. They could even have someone keep watch over the vicinty remotely. Thereby, turning your security system against you.

Fear This Not!

Scary as the above scenario may seem, the prevention measures are pretty simple.

1. Change your password

And please change it to a something secure! It’s useless to change it to something like “111111” or “password”! Here are some tips for secure passwords

  • Length does matter: The longer the better!
  • Not all cases are the same: Use a combination of upper and lower case
  • Have a good mix: Use a mix of numbers and alphabets, and add some symbols like ,#@! if possible

You can refer to this comprehensive guide by the Boston University.

2. Create additional users

For most of the reputable CCTV equipments, it is possible to create more than 1 user account. It will be good to create additional accounts with lower administrative rights if you intend to pass it to a supervisor or store manager. That way, they can still perform their duties but could not meddle with the crucial settings of the system.

3. Choose a reputable brand

The more established brands of CCTV like AVTECH and Samsung will prompt you to change your password in case you have not.

AVTECH_Password_Change_Reminder

4. Just chill

Unless you are as popular as Donald Trump, you will not be singled out for security breach. It’s the principle of “safety in numbers”. You are just 1 of the millions or hundreds of millions of CCTV owner out there. With some basic safety precautions, you are pretty safe actually.

Final Note:

While this article is written for existing and would-be CCTV owners, the principles would also apply to any device that is connected to the web. With a rising in the Internet of Things, it is ever more important to ensure these basic security best practices are in place.