Sign up to our newsletter
A Russian website is showing off hundreds of feeds of live webcam footage from inside homes and businesses, which have been accessed by hacking into people’s webcams, CCTV systems and monitors, according to The Independent.
Footage on show includes nurseries, the interior of gyms, and private homes – and thousands of cameras are streaming live on the Russian-hosted website.
The intrusion was highlighted by the Information Commissioner’s Office in the UK, which reported that the Russian-based website accesses the information using default login information, which is freely available online.
Victims are those who have plugged in such connected equipment without changing the passwords from the defaults.
Simon Rice of the ICO, says, “The footage is being collected from security cameras used by businesses and members of the public, ranging from CCTV networks used to keep large premises secure, down to built-in cameras on baby monitors. And with 350,000 of these cameras sold in the UK alone last year, this is a threat that all of us need to be aware of and be taking action to protect against.”
The ICO has communicated with the operators of the website, but the operator insisted that the site was merely a warning to use proper password defenses for such connected devices.
The site operator said, “All these cameras were viewed by a lot of users and (the) camera’s owners have no chance to know about it for many years. Only mass media can help users to understand the importance to set a password.”
ESET Security Specialist Mark James said that such vulnerable devices were easily found using specialised search engines – but that it was important to change default settings.
For instance, parents should ensure that baby monitors cannot stream footage outside the home – many can by default, but the option can be switched off.
James says, “In what situation would you need to stream your children’s bedroom outside of your private residence? If you have a cam to keep an eye on your children as they sleep, that’s great, as a technology aware parent I had the same when my children were young but I would never allow that feed to be streamed outside of my own private house.”
James also says that in this case, the most important thing is to change the password – rather than to focus on having a complex one.
James says, “Education is the key point here, the end user needs to be fully aware that a default password exists and easy instructions on how to change it.”
“When it comes to changing the password, let’s not confuse this with all the advice about having to use a complex password, the point here is not about how hard or long the password is, it’s about NOT using the default password.”
“Of course a complex password is best using a mixture of upper and lower case letters, numbers and characters – but anything is better than the default password… anything!”
Author Rob Waugh, We Live Security