Many users of IP based video systems may not be aware that each camera on your network has its own unique IP address. It is a device, connected to the internet just as your iPad, office computer or laptop is. And just as these devices are (or should be) protected by passwords to prevent unauthorized people from gaining access to them via the internet, so should your IP cameras; assuming you don’t want just anyone to be able to view them without your knowledge or consent.
IP cameras are shipped with a default password. The technician installing your new camera should change the default password but often times they do not. The “bad guys” know the factory default passwords so we strongly recommend that you remind your technician to change the passwords as he/she installs new cameras. If you aren’t sure it was ever done on an existing system, ask the tech to do so next time they are on site.
Another feature on many cameras is known as the “phone home” feature. To simplify setup and enable users to watch video remotely, this feature means the user does not need to login to the device’s web interface, do network / router configurations, etc. They simply go to a cloud interface to connect to those devices that already phone home to the manufacturer. Nice feature (for ease of use) but some manufacturers such as Axis ship devices with it defaulted off while others such as Hickvision, the default is on. The risk is Hikvision misusing these connections inside of private networks. It would be possible for them to potentially look at internal video or worse, to use that device to access other devices inside a LAN. This automatic tunnel-out connection could be used to setup a reverse shell or quasi-VPN, letting outsiders tunnel in to the network, using the camera as an ad-hoc router.
When a Safer Places consultant designs your system and oversees the bid process, generally our final step is to conduct a final inspection using our comprehensive checklist to make sure everything about your new installation was done according to our specifications and that all programming and settings have been handled correctly so that your new system will work as it was designed. One of the items on our checklist is to make sure passwords are changed from the factory default and phone home features are disabled.