Personal Information Protection Commission Holds 15th Plenary Session
Measures Taken Against 175 IP Camera Operators
Overseas Direct-Purchase Products More Vulnerable Than Domestic Models
The Personal Information Protection Commission has issued a stern warning to 175 IP camera operators over concerns of personal information breaches.
On July 10, the Commission announced that, at the plenary session held the previous day, it confirmed security vulnerabilities in network-based IP cameras operated for surveillance purposes in multi-use facilities and decided on these measures accordingly.
The investigation, which began with a public interest report, found that 175 IP camera operators had set the IP addresses of their network video recorders (NVRs), which are video information processing devices, to "public," allowing external access. Administrator accounts were set to easily guessable combinations such as "admin/1234." As a result, video information could be easily accessed by unauthorized individuals.
According to reports, these operators have complied with the Commission's demands to immediately address the security vulnerabilities by switching IP addresses to private and changing passwords. The Commission stated, "Although the IP camera operators neglected their duty to implement safety measures, they promptly rectified the issue, which arose due to a lack of awareness. Considering that there have been no additional cases of damage, we have issued a stern warning and will continue to provide guidance."
The Commission also inspected whether IP cameras distributed on the market are equipped with personal information protection features, and found that products purchased directly from overseas were generally lacking in this regard.
This inspection was conducted from February 20 to April 21, targeting the six most-purchased products (three officially released domestically and three purchased directly from overseas). The Commission examined whether these products provided safety features for personal information, such as password settings, restrictions on external access, and encrypted communication.
As a result, unlike domestically released products, which require password settings, overseas direct-purchase products were found to either use default settings or allow network access without a password. In addition, these products did not provide IP access restriction features or limit access for a certain period after multiple failed login attempts.
A Commission official stated, "To ensure the safe installation and operation of IP cameras, it is important to use devices with strong security features," adding, "We will establish guidelines outlining personal information protection methods for operators and users, and actively conduct inspections related to the security of IP cameras in multi-use facilities."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
