Unsecured IP cameras accessible to everyone
Posted on 18 January 2011.
In the last couple of decades, we have become so accustomed to the idea that the public portion of our everyday life is watched and recorded - in stores, on the street, in institutions - that we often don't even notice the cameras anymore.

Some of us don't mind the practice, others are unnerved by it, but whether you are part of the first or the second group, it is good to be aware of the consequences that unsecured surveillance systems can lead to.


It used to be that surveillance systems consisted of analog cameras physically wired to a central recording system. It was a both money- and time-consuming process, that has finally been made considerably easier and cheaper by the development and use of IP cameras.

As Tom Connor of ars technica explains, these new cameras have their own IP addresses and stream video directly onto a network - there is no more need for a digital video recorder or a control platform. Instead, a network video recorder does all the managing of the cameras and recording.

So, as a cheaper and easier alternative to their analog counterparts, IP cameras have been gaining market share at a fast pace and will likely continue to do so in the future.

But, the main issue that remains to be addressed is that of security. Analog surveillance systems were difficult to hack into by people who lacked the adequate knowledge, but IP cameras - having their own IPs - can be quite easily physically located and their stream watched in real-time by anyone who has a modicum of computer knowledge and knows what to search for on Google.

"Once an IP camera is installed and online, users can access it using its own individual internal or external IP address, or by connecting to its NVR (or both)," explains Connor. "In either case, users need only load a simple browser-based applet (typically Flash, Java, or ActiveX) to view live or recorded video, control cameras, or check their settings."

Camera names and model numbers matched with specific search tags such as “intitle,” “inurl,” “intext,” and many others, can yield links to cameras' remote viewing pages. Search combinations such as “intext:’MOBOTIX M10’ intext:’Open Menu’” and “intitle: ‘Live View / - AXIS 206M’” proved effective for Connor.

And he is not the only one. According to him, there are entire online communities of people interested in finding unsecured IP cameras and in discussing their interest on forums. They have also been known to provide large lists of search strings that work on Google Search and they are there for the taking for all those people who don't know where to start.

And Connor did just that - he armed himself with a list and started to copy and paste it into the search engine. He found unsecured cameras all over the world. Among other things, he watched snow-capped villages, college campuses, public squares, doctor's offices, aquarium tanks and retail stores.

Some of these cameras were obviously unsecured because there was no need to do that, but he fears that others - especially those in stores - can provide invaluable information to someone intent on breaking in and stealing, or any other kind of mischief.

He also managed to access three red-light cameras in a town in Texas, and while he didn't change any settings, he could have. And if he could have, anyone else could, too. A scary thought, don't you think?

Luckily for all of us who have the need for such a surveillance setup, securing these cameras can be done easily and fast by following instructions in the manual. They - and the DVRs and NVRs - come equipped with onboard security settings that take only a few minutes to configure and effectively lock out anyone who shouldn't have access. Also, a simple step like changing the default username and password can do wonders.






Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //