The lead item in Axis monthly newsletter is an Axis post on cybersecurity. In it, they declare:
Cyber Security experts state that over 90% of all “successful” breaches and intrusions are due to failures caused by people and poorly configured systems, together with a lack of maintenance [their emphasis, not ours]
This certainly gets to a contentious matter, about who is responsible - the user, the integrator or the manufacturer.
However, as our cyber security comparison report shows, Axis:
- Does not require strong passwords (using 'pass' or '1234' is just fine)
- Does not support auto lockout for failed login attempts (so their devices can be brute force or dictionary attacked)
Combine these two together, Axis makes it easy for weak passwords to be hacked.
Remember the hack IP camera video that went around the industry a few months ago? The guy used just that technique (dictionary attack against a camera that did not require strong passwords) to get access to the camera in less than a minute. He did not use an Axis camera but the same method works against Axis because it has the same design. The hack portion starts at the 4:30 mark:
So should Axis take responsibility for this or is this the user's fault? Vote: