Comment on 40,000 Security Cameras Found Compromised Online.

hansolo@lemmy.today ⁨1⁩ ⁨week⁩ ago

• dan@upvote.au ⁨1⁩ ⁨week⁩ ago

  Hard-coded default passwords have been illegal in California since 2020, so it shouldn’t be as much of an issue with newer devices. Companies aren’t going to make California-specific versions of their devices, so they’ll follow the standards everywhere.

  To be legal in California, the device either needs to have a randomly-generated password unique to that device (can be listed on a sticker on the bottom of the device, or in the manual), or it needs to prompt to set a password the first time you use it.

  source

  • hansolo@lemmy.today ⁨1⁩ ⁨week⁩ ago

    Yes, but no one checks the legality of cheap Chinese devices from Amazon.

    source

    • Manifish_Destiny@lemmy.world ⁨1⁩ ⁨week⁩ ago

      Also cheap cameras also tend to ship with a number of x-day vulnerabilities.

      source

      • dan@upvote.au ⁨1⁩ ⁨week⁩ ago

        It’s usually fine if you stick to a good well-known brand, but there’s some cheaper cameras that are bootleg clones of other brands, that can’t run the latest upstream firmware so they’re stuck on a hacked/modified version of older firmware.

        source
    • dan@upvote.au ⁨1⁩ ⁨week⁩ ago

      The good Chinese brands, if they do have a hard-coded password, usually make you change it on first login. I’m pretty sure newer Hikvision and Dahua models do this (plus their resellers/rebrands like Amcrest, Lorex, Annke, etc).

      Of course, there’s all sorts of junk on Amazon that don’t follow any sort of standards.

      source
  • Creat@discuss.tchncs.de ⁨1⁩ ⁨week⁩ ago

    Can’t remember when it came into effect, but randomized device specific passwords are also mandatory in the EU now. This was relatively recently though. It means they single device (item, not model type or class) has to have an individual password (also usually it’s on a sticker or something).

    And yes, connecting any ip camera to the Internet is just dumb.

    source