15,000 private webcams left open to snooping, no password required

Graham CLULEY

September 19, 2019

Once again concerns are being raised about the sorry state of IoT security, after a security researcher discovered over 15,000 private webcams that have been left wide open for anyone with an internet account to monitor.

Avishai Efrat, a white hat researcher working for WizCase, identified thousands of unsecured webcam video feeds being broadcast from multiple places around the world. The webcams are made by a variety of manufacturers, including:

  • AXIS net cameras
  • Cisco Linksys webcam
  • IP Camera Logo Server
  • IQ Invision web camera
  • IP WebCam
  • Mega-Pixel IP Camera
  • Mobotix
  • WebCamXP 5
  • Yawcam

In a blog post, WizCase’s Chase Williams detailed how many of the webcams were inside people’s homes, while others appeared to be in businesses, private institutions, and even places of worship:

“Some examples of camera that were accessible include those at shops, inside the kitchens/living rooms/offices of private family homes – including a live feed of people on the phone and children peeking at the camera directly, tennis courts, storage units, hotels, museum security feeds, churches, mosques, parking lots, gyms, and more.”

According to Efrat, the privacy failure has occurred through the lethal cocktail of devices that did not secure themselves automatically when initially installed, mixed with owners who failed to take the necessary steps to ensure that security measures like password authentication and IP/MAC address whitelisting were in place. In addition, owners are advised to disable UPnP if P2P networking is in use.

As has been warned many times in the past, too many IoT devices are allowed to connect to the internet with preconfigured settings and default passwords, making life too easy for malicious hackers.

Sure enough, in some instances, Efrat reports that hackers could log into devices with admin privileges and determine information about the owners such as their approximate location, as well as theoretically hijack control of the webcam to point in a different direction.

Perhaps the most obvious concern, however, relates to the video footage itself. Taking control of a webcam gives a criminal access to privileged information which could be abused to help them in a robbery, or perhaps even blackmail the unsecured webcam’s owner.

WizCase’s opinion is that webcam manufacturers have prioritised ease-of-installation over security, and left users dangerously exposed.

Until more manufacturers make the process of securing their IoT devices easier or – better yet – automatic, it feels like we will be reading many more headlines in the future about individuals and businesses who have put themselves needlessly at risk.
