Advertisement

Website showing live feed from the webcams and baby monitors of 250 countries highlights poor IoT security

IoT camera feed
A website containing the live feed of thousands of security cameras, web cams, and baby monitors from locations across Europe, has recently caught the Internet’s attention. Operating under the pretense of engaging in public awareness, the Russian-based site, called Insecam, streams footage from systems that have not bothered to change the default password or have no log-in password at all.
 
Insecam’s database shows feed from more than 250 countries, including 4,591 cameras from the US, 2,059 from France, 1,576 from the Netherlands, and 500 from the UK. The footage is sorted by its country of origin and device manufacturer, and includes major brands such as Linksy, Foscam, and Panasonic. Some feed appears as static images and does not working properly.

When contacted by the BBC, the site’s curator, whose identity remains anonymous, commented that he was not actually Russian, nor did he consider himself a hacker as no security settings were tampered with. By contrast, the scope of the webpage was to showcase the vulnerability of mishandled Internet-connected devices and the security threats they provide if users don’t take the time to set a proper security password. The administrator did not perform any actual hacking, but rather employed software and search tools to scan the Internet for feeds accessible using the device’s default setting.

Since Insecam’s discovery, camera manufacturers have scrambled to update their product’s firmware to force users into choosing a new password before using the device. Others, such as Foscam’s chief operating officer, Chase Rhymes, have condemned the website’s execution, equating it to someone setting up an unauthorized camera outside another person’s window and broadcasting the feed worldwide just because the window was left open.

Christopher Graham, UK’s Information Commissioner, argues that if the site was trying to alert people of security flaws, then it’s time to take it down because “now we all know.” He informed the BBC that he would be working with Russian authorities to take down the website from its hosting. 
Visiting Insecam now yields the following message and nothing else:

Insecam 2  
If this elaborate demonstration was one man’s attempt at distinguishing himself by highlighting the growing problem of the Internet-of-Thing’s lack of security, then it seems he hit the nail on the head. Someone get this man a job! 

Do note that this issue is not exclusive to Internet-connected cameras, but demonstrative of something affecting the majority of IoT products on the market. The rush to produce the first Internet-connected printer, Internet-connect refrigerator, or Internet-connected anything, has had designers make some poor security decisions for the sake of cornering the market early on.

Source: BBC

Advertisement



Learn more about Electronic Products Magazine

Leave a Reply