Could a complete and total stranger be watching your family through your own security cameras? Today, Sophos Naked Security ran a story about a new website (the URL of which we are intentionally withholding) consisting of hundreds of thousands of private live streams pulled from the millions of Internet-connected cameras in households across the world.
Victims of the criminal site come from around the world, and there are over 11,000 stolen feeds from homes in the U.S. All those on the site have one unfortunate thing in common: None of them changed the default password on their Internet-connected camera.
The privacy-obliterating site operates under the guise of bringing attention to how easy it is to obtain such feeds using just the manufacturer’s default password. “To remove your public camera from this site and make it private the only thing you need to do is change your password,” the anonymous site’s administrator writes.
Of course, the site is hardly benevolent – it violates its victims’ privacy by releasing incredibly sensitive footage to complete strangers. Reporters from the U.K.-based Daily Mail have observed babies in cots, young children playing and even changing rooms streaming on the site. It is a violation of the Computer Fraud and Abuse Act to access these streams via a guessed password, though the international nature of the site’s creator will make justice difficult.
Many Internet-connected video cameras allow you to set a password to restrict and control remote access. Unfortunately, many people do not change the default factory passwords on their cameras after installing them. This essentially leaves the door wide open for any stranger online to view your most private moments, no hacking or computer skill required. Don’t fall into the trap yourself – create a unique, hard-to-crack password for any device that connects to the Internet.
[security camera footage via Shutterstock]
From George Mells on November 12, 2014 :: 3:31 am
Are web cameras just connected to the local net accessible? I have one that uses a DDNS account to acces it from the web and another that does not have a DDNS name (both with new passwords). Would both be subject to this hack orvjust the DDNS connected one?
Reply
From Josh Kirschner on November 12, 2014 :: 2:32 pm
I’m not entirely clear on how you have your cameras networked, but this “hack” is really nothing more than finding IP cameras that are broadcasting over the Internet (versus an intranet) and still have the default password from the manufacturer.
Reply