Yes, we failed to change the default password on the cameras we installed. Someone managed to get ahold of the IP addresses, and guess the login and password. We escaped with only minor headaches, as all that happened was that they uploaded a few “overlay” images that appeared on some of the camera feeds, and a few text messages that seemed to be mostly warning messages to us about cybersecurity.
The hacker did change a few of our passwords for the cameras, so there were some from which we could not just delete the images. This has meant various levels of hassle to reset the cameras to default. For the white brick cameras, 30 seconds of holding a control button while the power cycles was sufficient. I didn’t even have to reset the IP address. For the dome cameras, it’s a bit more complex, as the IP address has to be reset, and I wasn’t around for that part originally so I’ll have to consult IT.
However, it makes us wonder about the wisdom of having even the camera views available without a password on the web, which we hadn’t considered was available before. You’d have to have the IP address to go to the view, but once you were there, our IP addresses are mostly sequential (depending on the day and which cameras are installed), so you could go visit each of them if you liked. There seems to be an option to turn this off, however, which I have also gone through and switched so that now you need not only the IP address, but the username and password in order to even view the feed.
Moral of this part of the story? Explore the default settings and consider what they truly mean. Be a Nervous Nellie and a bit of a cynic, assume the worst so you can plan for it.
UPDATE 5/16/13: I couldn’t get the 3301 dome cameras reset despite following the unplug, hold control button, re-plug power sequence. Our IT specialist thinks the hacker may have actually reset the default password via the firmware, since they should have automatically reset themselves to the same IP addresses using DHCP. So those two cameras have been pulled and replaced while the hacked ones are off to the IT hospital for some sleuthing and probably a firmware reset as well. I’ll let you know what the resolution is.
