A Russian website has been posting live video streams from unprotected webcams in homes and businesses around the globe, Britain’s Information Commissioner’s Office warned on Thursday.
The website has gained access to the webcams using the cameras’ default login credentials, which are freely available online but often don’t get changed by their owners during the set-up process.
Baby monitors and CCTV networks are among the systems that have been compromised, explained Simon Rice, the ICO’s group manager for technology.
The Russian site, insecam.cc, appeared to be down on Thursday afternoon.
Reportedly listed on the offending site, according to the BBC, were streams from more than 250 countries and other territories, including 4,591 cameras in the United States, 2,059 in France, 1,576 in the Netherlands and 500 in the UK.
Foscam is the most commonly listed camera brand, followed by Linksys and then Panasonic, the BBC reported. Foscam also is the brand of baby monitor that reportedly was compromised last year in a Texas family’s home.
The Band-Aid Solution
“It isn’t hard for people to get access to webcams when default credentials are not changed,” Jarad Carleton, a principal consultant with Frost & Sullivan, told TechNewsWorld. “Users should always change default credentials, but many times people don’t.”
Many people also mistakenly believe that “nobody would be interested in hacking dad or granddad’s webcam,” Carleton added, “but any potential burglar or thief would love the intel a webcam can offer. Personally, I keep a Band-Aid over the webcam on my laptop, and I know of a lot of security professionals that do the same.”
It’s surprising that computer manufacturers haven’t started including a simple manual shutter to cover webcam lenses when they aren’t in use, he said.
“What’s even more disturbing is they have webcams on smart TVs now without manual shutters,” Carleton pointed out. “So, if you mount one of those TVs on the wall in your bedroom and it gets hacked, someone could see a lot of you and your partner.”
‘An Important Message’
Though this latest case is new, the problem has been around for some time, said Ken Westin, a security analyst for Tripwire.
“The Russian website making these feeds public is creepy, but it just provides the public with the same information security researchers and malicious hackers have had access to for years,” Westin told TechNewsWorld.
“Hopefully, the silver lining of the publicity this website is generating is that consumers will become more aware of the default settings on cameras, as well as the general security vulnerabilities in these devices,” he said.
Indeed, “the warning by the ICO about Web camera security is an important message to those who put too much trust in the default security settings of devices that we put in our homes,” observed Mark Stanislav, security project manager with Duo Security.
“Many users assume that the vendor has implemented security best practices, but often find out entirely too late that their camera has been abused by voyeurs on the Internet,” he told TechNewsWorld.
Mind the Network
What should webcam users do to protect themselves?
Changing the default password on the camera is a critical first step — but it’s not enough by itself, Westin warned.
“You also need to secure the network that camera is connected to,” he advised. “If an Internet-connected camera is on an open WiFi network, anyone sitting outside your house can connect to the network and see the camera feed.”
Consumers shopping for new Internet-enabled cameras should be sure to buy a reputable brand that provides security updates to their firmware.
“Security features may not be at the top of your list of cool camera features, but this website demonstrates why they matter,” Westin said.
An Ever-Present Risk
Finally, no matter how good they think their security may be, consumers should always be mindful of what they do in front of an Internet-connected camera, Stanislav told TechNewsWorld.
In general, “the risk of someone viewing your camera on the Internet must be weighed against the value you find in having such a device on your network and in your home,” he said.
“Even great technology companies make mistakes,” said Stanislav, “and it’s vital that consumers understand they will always face some risk using an IP camera in their home to having their privacy exposed.”