A few months back, I wrote about the case of a hacked baby monitor and how essential it is to have privacy and security protections built into your product before going to market. One of the main issues that led to the story was the default password setting. Many cameras, DVRs and CCTV systems have the username and password set to the basic “admin” or “password” setting. Consequently, many users forget or don’t realize they need to customize those settings.
Fast-forward to today and check out this post by NetworkWorld columnist Ms. Smith. On Thursday, she stumbled upon a mecca of video feeds complete with links to an astounding 73,000-plus unsecure web cams from across the world.
Eerily, the site is very user-friendly. You can search by country (the U.S. sets the gold standard with more than 11,000 connected webcams), by manufacturer (including Foscam, Linksys, Panasonic and AvTech) or, like an iTunes playlist, you can hit shuffle and view a random camera feed. Plus, many of the connected cameras include location coordinates and a handy Google Map pinpoint.
Nefarious or not, the administrators of the site, with an IP address linked to Russia, argue, “This site has been designed in order to show the importance of the security settings.” And they provide victims of these appropriately titled “public cameras” with an out: “To remove your public camera from this site and make it private, the only thing you need to do is to change your camera password.” In their FAQ section, they also detail how a victim can write them to ask for their URL to be removed.
Ironically enough, one of the few countries not on this site is North Korea, but for just about every other country and region—including Palestine—there are unsuspecting public cameras conveniently linked to the site. So there you have it, a website with eyes on the world—from public squares, malls, underpasses and industrial spaces to cafes, restaurants, retailers, houses and, most disturbingly, the baby’s room.
After perusing the site, Ms. Smith explains, “There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be the safest, but were awaiting some creeper to turn the ‘security surveillance footage’ meant for protection into an invasion of privacy.”
Naturally, the Foscam links tend to be viewing baby cribs. There were enough to prompt Ms. Smith to spend her day trying to contact the users of these video feeds. And good for her for taking on that Herculean task.
But as I wrote in May, companies need to build privacy and security protections in from the start. In this case, it could be as simple as requiring new users to change their usernames and passwords in order to use the camera.
There are a lot of bad actors and Peeping Toms out there invading people’s privacy on a daily basis. Last year, for example, Jared James Abrahams—over a two-year period—hacked women’s computer webcams to secretly record and then blackmail the unsuspecting young women. One of his victims even happened to be Miss Teen USA Cassidy Wolf, who, to her credit, turned her nightmare into education for other young women.
Even in nonsensitive situations, the unsuspecting placement of cameras is a disturbing prospect for people. Just look, for instance, at the controversy that’s erupted on Harvard University’s campus after it was discovered that researchers used hidden cameras to measure attendance in specific classes. Though the data was anonymized, students and faculty are outraged.
Plus, in an incredibly disturbing case, a woman in Manhattan is suing her two landlords after she discovered a camera was hidden in a digital clock in her bathroom. On the camera's USB drive she found naked photos of herself, and police found other secretly and strategically placed cameras containing more than 70 hours of compromising video.
This all goes to show that there are a lot of creeps and immoral people out there trying to hack their way into our lives. The last thing we need is for poor design practices and wanting consumer education to make it easier for those adversaries.
If you want to comment on this post, you need to login.