Thousands of internet-connected CCTV cameras and baby monitors are streaming their video so that anyone can watch them online without their owners knowledge. Photograph: Alamy
Footage from hundreds of thousands of CCTV cameras and baby monitors is being live-streamed on the internet unbeknown to their owners, who think they are secure.
A Russian website published thousands of these streams so that people online can easily watch them and the people, places and even babies in them, the Information commissioner’s office has warned.
How is this possible?
A large number of the cameras being sold in the UK and elsewhere come secured with a default password that can be as simple as “password” or “12345” and is publicly known, often detailed in support documents.
Internet users can view these streams using a browser armed with the default password and watch people in their homes and businesses without their knowledge.
How big an issue is it?
The Russian site lists hundreds of thousands of cameras freely for view across scores of countries including the UK. The insecure webcam feeds can easily be found through Google and other search engines, as their streams are indexed just like any other webpage.
An estimated 350,000 internet connected surveillance cameras were sold in the UK alone, but it is unknown how many were left with weak or default passwords when set up by users.
How long has it been going on?
Unprotected internet-connected cameras have been viewable through Google searches and other websites for years, but this new site has only cropped up in the last month. It is likely other sites doing a similar job are available across the internet and within the dark net, which describes sites not indexed by search engines.
Which cameras are affected?
A variety of internet-connected cameras spanning CCTV cameras, home security cameras and baby monitors from a myriad of companies including Panasonic, Foscam, Linksys and others are affected.
Any camera that is openly connected to the internet, can be viewed through a browser from outside the home and has a weak or default password can be viewed without the owner’s knowledge.
Can people see my webcam?
Whether it’s a baby monitor with a camera or a CCTV camera, people can only see your webcam’s stream if you haven’t changed the password that the camera came with or if you are using a password that is weak or easy to guess. ‘Password’ for example.
Most internet-connected cameras broadcast their location along with a video stream. Browsing the Russian site or using Google to search for your camera could show whether others have been able to see it, narrowed by location.
What can I do to stop people viewing my webcam?
Because people are accessing these connected cameras via default or weak passwords, protecting your webcam for the casual viewer is as easy as changing your password to something strong.
Strong passwords should be as long as you can remember, combine a mixture of numbers, upper and lowercase letters and punctuation marks. Real words should not be used and the password should not be used for more than one service.
Remembering a 24 character randomly generated password is hard. Password managers such as 1Password or LastPass can help by remembering them for you and protecting them with one long password and two-factor authentication.
No comments:
Post a Comment