Default passwords need to be changed, regardless of hardware

Nov 12, 2014 17:03 GMT

Video streams from an impressive number of surveillance cameras from around the world are publicly available on a website, not because they’ve been hacked, but because their owners failed to protect access with a password.

Poorly protected equipment is bound to come under the scrutiny of third parties at some point.

Many users do not value their own privacy

In this case, the administrators of insecam.com have built a system that automatically scours the web in search of cameras and DVR systems that still rely on the default username and password pair (admin:admin, admin:12345) as protection against unauthorized access.

It is important to note that webcams integrated into personal computers or USB-connected ones are not taken into consideration. But even so, plenty of people use them for monitoring personal perimeters such as the inside or the outside of a residence.

It appears that the administrators want to raise awareness of the importance of applying a personal password to keep the stream private; otherwise, anyone can search the Internet and find the default credentials for accessing the stream captured by the device.

Armed with this information, burglars can easily look online for the IP address of the device, tap into the video feed and record the daily routine of the victim. Not only this, but they already know where the cameras are.

Video streams are not the result of a hack

In the FAQ section of the site it is clearly stated that the availability of the streams is not the result of a hack attempt, but simply of using publicly available and free online tools to find them. Google is one way to start, but other engines, such as Shodan, specifically designed for finding Internet-facing hardware components based on several criteria, can also be used.

“Owners of these cameras use default password by unknown reason. There are a lot of ways to search such cameras in internet using Google, search software or specialised search sites,” an entry in the FAQ reads.

Tens of thousands of cameras are listed on insecam.com, and more are constantly added. Their owners can request that the feed be taken down, but the only way to have their privacy respected is to apply a different password than the one set by the manufacturer or vendor of the equipment.

At the moment of writing, at the top of the list with insecure IP cams are the United States (11,046), Republic of Korea (6,536), China (4,770), Mexico (3,359) and France (3,285). Italy and the United Kingdom are next, with 2,870 and 2,421 insecure cameras, respectively. A rough total is estimated at 73,000.
