Is your epos device or CCTV camera a risk to your business? Over recent months we’ve seen two big stories demonstrating that, for many businesses, the answer is yes. In both cases the devices are insecure by default, and when they are deployed into production these defaults are not being altered.
What do we mean by secure by default? It’s simple: secure by default means that the default configuration settings are the most secure settings possible. It allows the person using that device or system to deploy it without unknowingly opening themselves up to risk.
Insecure CCTV camera configuration leads to 73,000 private cameras visible to anyone!
The website Insecam is doing just that, streaming footage from approximately 73,000 Internet-connected IP cameras around the world. The majority appear to be from cameras running default security settings (like using “admin1” or “password” as a password). There are streams from over 11,000 cameras in the United States alone, with tens of thousands of others from places like Brazil, Japan, and the Czech Republic.
Read more here.
Cash register maker used same password – 166816 – non-stop since 1990
At RSA 2015, fraud fighters David Byrne and Charles Henderson say one of the world’s largest Point of Sale (PoS) systems vendors has been slapping the same default passwords – 166816 – on its kit since 1990. Worse still: about 90 per cent of customers are still using the password.
In one retailer it was revealed staff had used an epos system to play Guitar Hero, Call of Duty, and download porn.
Read more here.
As the risk grows, governments have started to intervene, including providing IT security advice. A good document provided by the UK government can be found here.
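As an added example (not from the original article), here is a check a business could run over its own device inventory to find cameras and tills still set to the default passwords named above. The export format (a per-device salt plus a PBKDF2-SHA256 hash), the device names and the sample inventory are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Default passwords named in the two stories above.
KNOWN_DEFAULTS = ("admin1", "password", "166816")
PBKDF2_ROUNDS = 10_000  # assumed KDF parameters for the constructed export


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted hash as the (hypothetical) device export stores it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def uses_default(salt: bytes, stored: bytes) -> bool:
    """True if the stored hash matches any known default password."""
    return any(
        hmac.compare_digest(hash_password(candidate, salt), stored)
        for candidate in KNOWN_DEFAULTS
    )


def audit(inventory):
    """Return names of devices still on a default, internet-facing ones first."""
    flagged = [d for d in inventory if uses_default(d["salt"], d["hash"])]
    flagged.sort(key=lambda d: (not d["internet_facing"], d["name"]))
    return [d["name"] for d in flagged]


def _device(name, password, internet_facing):
    """Build one constructed inventory record."""
    salt = hashlib.sha256(name.encode()).digest()[:16]  # deterministic for the sample
    return {"name": name, "salt": salt, "hash": hash_password(password, salt),
            "internet_facing": internet_facing}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    _device("till-01", "166816", False),
    _device("cam-lobby", "admin1", True),
    _device("cam-yard", "k7#Vq2!mZp", True),
    _device("till-02", "password", False),
]

if __name__ == "__main__":
    for name in audit(SAMPLE_INVENTORY):
        print("default credential still set:", name)
```

Because the hashes are salted per device, the check recomputes each default against each device's own salt rather than comparing against a fixed list of hashes.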