Default Passwords Negligent?
In a recent case a school is being sued, because it had cameras in a girls locker room that were accessible via the Internet with their default password. According to the story:
Fredrik Nilsson, Axis’s general manager for the United States, points out that Axis cameras are installed with a default password, and it is up to the owners to make the cameras more or less secure.
“Just to give some perspective, we have delivered close to half a million cameras, and a Google search produces only a few hundred of them,” Mr. Nilsson said. He acknowledges that default passwords to many camera systems, including those of Axis, are frequently traded over the Internet. Nevertheless, he maintains, Axis cameras are secure against accidental intrusion.
A lawyer for the school acknowledged in court papers that school officials never changed the video server’s password from its default setting.
“The real scandal is why these Webcams are insecure,” Ms. Newitz of the Electronic Frontier Foundation said. “This is just really, really sloppy. It is one thing for an employer to place employees under surveillance, but to take no effort to keep the Webcam access limited just to the workplace is really reprehensible.”
Recent Comments