Data Watchdog announced that a Russian website featured a database listing of about 73,000 streaming IP webcams or CCTV whose owners are not aware that their webcam is broadcasting the video. The webcams are located all over the world. They are used for offices, baby monitoring, shop’s monitoring, pubs, etc. All major manufacturers were present amongst the breached webcams. The webcams were discovered by Internet scanning and trying the default password. This is a good illustration of Law 8: If you watch Internet, Internet is watching you. The UK Information Commissioner’s Office recommends changing the default password of the camera and when not needed disable remote access.
The site claims to do that for educational purpose. This is what the site claims when accessing it. It seems that it is efficient, as there are less and less listed feeds.
Sometimes administrator (possible you too) forgets to set the default password on security surveillance system, online camera or DVR. This site now contains access only to cameras without a password and it is fully legal. Such online cameras are available for all internet users. To browse cameras just select the country or camera type.
This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera default password.
Several interesting lessons:
- As usual, default password are incriminated. Users, and even professionals as it seems that CCTV are also listed, do not change the default password. Manufacturers may not want to enforce the change of the default password, as it creates issues when users forget their password, but they should at least propose it the first time the user boots the device.
- People are not good with security. With the Internet of Things (IoT), there will be more and more connected devices. This means that there will be more and more vulnerable devices on the Net. IoT may make the Internet more brittle.
- Who will inform the owners of these spied webcams that they are spied? The remedy is simple, but the victims should at least be aware that they should apply this remedy.
By the way, did you change the default password of all your devices? If not, I plead you to do so.