2 min read

15,000 private webcams left open to snooping, no password required

Graham CLULEY

September 19, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
15,000 private webcams left open to snooping, no password required

Once again concerns are being raised about the sorry state of IoT security, after a security researcher discovered over 15,000 private webcams that have been left wide open for anyone with an internet account to monitor.

Avishai Efrat, a white hat researcher working for WizCase, identified thousands of unsecured webcam video feeds are being broadcast from multiple places around the world. The webcams are made by a variety of manufacturers, including:

  • AXIS net cameras
  • Cisco Linksys webcam
  • IP Camera Logo Server
  • IQ Invision web camera
  • IP WebCam
  • Mega-Pixel IP Camera
  • Mobotix
  • WebCamXP 5
  • Yawcam

In a blog post, WizCase’s Chase Williams detailed how many of the webcams were inside people’s homes, while others appeared to be in businesses, private institutions, and even places of worship:

“Some examples of camera that were accessible include those at shops, inside the kitchens/living rooms/offices of private family homes – including a live feed of people on the phone and children peeking at the camera directly, tennis courts, storage units, hotels, museum security feeds, churches, mosques, parking lots, gyms, and more.”

According to Efrat, the privacy failure has occurred through the lethal cocktail of devices that did not secure themselves automatically when initially installed, mixed with owners who failed to take the necessary steps to ensure that security measures like password authentication and IP/MAC address whitelisting were in place. In addition, owners are advised to disable UPnP if P2P networking is in use.

As has been warned many times in the past, too many IoT devices are allowed to connect to the internet with preconfigured settings and default passwords, making life too easy for malicious hackers.

Sure enough, in some instances, Efrat reports that hackers could log into devices with admin privileges and determine information about the owners such as their approximate location, as well as theoretically hijack control of the webcam to point in a different direction.

Perhaps the most obvious concern, however, relates to the video footage itself. Taking control of a webcam gives a criminal access to privileged information which could be abused to help them in a robbery, or perhaps even blackmail the unsecured webcam’s owner.

WizCase’s opinion is that webcam manufacturers have prioritised ease-of-installation over security, and left users dangerously exposed.

Until more manufacturers make the process of securing their IoT devices easier or – better yet – automatic then it feels we will be reading many more headlines in the future of individuals and businesses who have put themselves needlessly at risk.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant
Filip TRUȚĂ

December 03, 2021

2 min read
WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out
Silviu STAHIE

December 03, 2021

1 min read
Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack
Graham CLULEY

December 03, 2021

2 min read