A fairly new website has caused a recent stir.  Insecam.com provides links to thousands of webcams around the world.  It has been mentioned in recent news reports ranging from Lifehacker and CNET, to the UK Daily MailPC World, and more. Vulnerable webcams are not something new, though, yet their popularity has certainly grown along with the threat of misuse.

The first well documented webcam was set up to watch a coffee pot at Cambridge University in 1991

[read more]. That camera (and coffee pot) was finally turned off in 2001, but by then, many more webcams had been turned on. (See more about the history of the coffee cam at the end of this article.)

First Webcam, Cambridge University

In early part of this century (2004) while I was searching online for information on webcams I came across a website that posted hundreds of webcam images. Briefly looking through the first few images, I spotted a view of a parking lot that looked familiar. Checking it out further I realized it was the parking lot of an office building where I had done a lot of work.  An IT company had installed the webcam in their office window to be used as a demo of the technology they offer.

Back in 2004, most of the cameras exposed on this website were rather boring, from universities, laboratories, weather sites, and resellers of webcam equipment, as a way to demonstrate their cameras. Now though, webcams have become so popular and so readily available that the types of views are endless, and perhaps a little scary.

The insecam site now offers over 70,000 camera links.  Most of these links, I’m sure, were never intended to be open to the public. They include homes, garages, playrooms, yards, many personal areas as wells as retail stores and offices.  I recently came across a similar website where the available cameras are grouped by categories- including “Office” and “Boardroom”. Yes, someone’s boardroom has an open webcam in it!

Insecam makes it clear, though, that these are all web enabled cameras that have never changed their passwords or login credential from the default. According to them, they are not actually “hacking” into someone’s camera or network to access the camera. They are using publicly available url’s that connect to the camera. Consumer webcams often use a web forwarding service that is provided by the manufacturer of the camera or dvr. The forwarding services also help make it easy to search for open connections, since they have similar urls.

Bottom line- unless you want your web-camera images publically available, then change the login and passwords!

But wait, there’s more… another reason to be scared- web cam links often provide a path directly into your network because the webcam has already bypassed the firewall. If a hacker knows the link to your webcam, it could be very simple for them to attack other equipment on your network. If you have web enabled cameras or recorders, you may want make sure they are isolated from your main network.

 

from CNET.com:

Coffee-cam [read more]:

https://youtu.be/QB7qWQ9fn1k