Default Passwords, and How Easy it is to Spy

A still image of Insecam.com before it was taken down.

This is a still image of Insecam.com before it was taken down.

Using the default password on any device is entirely useless for security, this should not be of shock to anyone, but surprising amounts of people do not bother to change any default settings. In the article (link ‘A’ below) a family with a baby monitor didn’t change the default password, so a hacker used this monitor and camera to scare the nanny while the parents were out. Another case a hacker used the security system and baby monitor to “broadcast obscenities at the child”.

Hacking into camera systems with default passwords is not a rare occurrence, nor very difficult if you can access the network. As cameras are becoming more wireless and allow remote logging in, the easier it is to hacking into the cameras. In fact a site called in Insecam.com has hacking into hundreds of thousands of cameras in over 152 countries using default passwords. Any person could access the site and browse a wide selection of cameras from office buildings to personal homes. The site has been shut down for obvious reasons, but the ability for one person to do this and broadcast it over a website shows how unsecured people are. Some camera systems have changed their software to require a password change when installing to avoid this exact issue.

The owner of the Isecam defends his site saying. “we do not hack people’s passwords” and they do not host the video on their own servers. Every camera listed is found by using search engines, such as google and more specialized search software. “Specialized search software” is not further defined, but it does highlight how easily accessed these cameras are.

Some camera systems have changed their software to require a password change when installing to avoid this exact issue, but these articles all highlight the importance of changing your default passwords. Insecam proved how easy it is to spy using devices people installed for their own safety. Although the site is down, the cameras listed can still be accessed.

-Steven Masley

Sources:

A. https://nakedsecurity.sophos.com/2015/02/02/baby-monitor-hijacked-change-default-password-urges-foscam/

B. http://www.pcworld.com/article/2844995/insecam-web-site-should-terrify-those-who-use-a-default-webcam-password.html

C. http://www.computerworld.com/article/2850954/governments-hit-back-against-webcam-snooping-websites.html

Advertisements