The Abu Dhabi police have recently found out a major security loophole that can make security devices vulnerable to hacking attempts or data theft. CCTV systems and cameras are used in many public and commercial establishments in the UAE. The Criminal Investigation Department of the Abu Dhabi police have warned the general public about this loophole, which can be a cause for concern for many establishments. Involving a basic error in setup, this loophole leaves an entry point for those with malicious intent to view or use the recorded or captured footage for criminal purposes.
Why you need to change your password
All CCTV devices come with a default username and password which are supposed to be used during the time of initial configuration to set the device. CCTV manuals also state clearly that once initial access is gained, the password needs to be immediately changed to prevent misuse. It has been found that in many places, users have forgotten to change the default passwords for their CCTV devices, leaving them vulnerable to external attack.
CCTV device manufacturers routinely showcase their products on the internet, and also provide online versions of their detailed user manuals for download. As a result, everyone has access to a wide variety of default username and password sets on the internet. It can be extremely easy for someone with bad intent to find out the default credentials of a particular camera. All the information needed would be the make and model, and the credentials can be found from the manufacturers’ website.
The Abu Dhabi police have been aware of many cases of data theft and encroachment through CCTV devices where default passwords have not been immediately changed after first use. Keeping the login credentials in their default state allows someone with knowledge to control the cameras, view the security feeds and even store them for later use. Intent can range from blackmail to criminal use.The CID of Abu Dhabi police have therefore alerted consumers about this problem, and advised them to regularly change their passwords. The more complex and elaborate the passwords, the better. They have also appealed to CCTV equipment manufacturers to clearly convey to customers the need to change default user credentials immediately on first use, and asked them to make the process simple and intuitive. Overall, the recommendation is to exercise extreme caution when setting up CCTV networks, so that security can be tight with no chance for compromise.