Slashdot Mirror
Google Exposes Web Surveillance Cams
An anonymous reader writes "Blogs and message forums buzzed this week with the discovery that a pair of simple Google searches permits access to well over 1,000 unprotected surveillance cameras around the world - apparently without their owners' knowledge." Apparently many of the cams are even aimable. Oops!
What is the search keyword.
This just underlines the engineer's problem with making something secure, yet making sure every moron in the U.S. can plug it in and turn it on and have it basically work.
meh
I use http://www.google.ca/search?q=inurl%3A%22axis-cgi% 2Fmjpg%22&btnG=Google to find them. It works great.
http://www.google.com/search?hl=en&lr=&safe=off&c2 coff=1&q=inurl%3A%22MultiCameraFrame%3FMode%3D%22
This is why you should never trust some other company with your own surveillance needs. There are plenty of camera + software combinations that can do TCP/IP stuff and you can tinker with it yourself and set it up on your own apache server.
I am sure someone will post with OSS software solutions.
Aside from that, how many people really need web-enabled surveillance? Just record it to HD or have it monitored live in closed-circuit fashion.
Brushfireb
For the curious, here there is an article (in spanish, sorry) with some links to cams and what terms to search to find more, happy watching :)
t icle=146
http://sindominio.net/suburbia/article.php3?id_ar
I got a jump on this from the Boing Boing post a couple days ago. I use inurl:"axis-cgi/mjpg".i ?camera=&showlength=1&resolution=640x480 Shows animals under the knife, I've yet to catch a surgery yet.
This one seems to show every page printed off of some printer. http://81.72.76.218/view/index.shtml. Right now it's some photo.
This one http://217.148.2.106/view/index.shtml shows somes bar (German?) that seems very active.
This one http://24.173.235.172:8001/axis-cgi/mjpg/video.cg
Anybody find any other cool ones?
Use Google and search for the following:
inurl:"ViewerFrame?Mode="
or:
inurl:"MultiCameraFrame?Mode="
one two
:)
I have clicked some of them, and indded some provide pictures of various random places, like shopping center, bureau, or parking lot. But I've noticed that some of them are asking for a password, or simply refuse to connect. Does it mean that admins had fast response to this issue?
And btw - slashdotting thousands of cameras around the world is really funny. Karma prize for a person that finds the most interesting places!
#
#\ @ ? Colonize Mars
#
Sure, and if you're inexperienced or a moron then you can do it wrong, just as these people have. High quality tools can still be misused by dolts.
I am sure someone will post with OSS software solutions. Aside from that, how many people really need web-enabled surveillance? Just record it to HD or have it monitored live in closed-circuit fashion.
Does anyone remember the article, couple years back about people using X10 cams for survelience, which were easily monitored from, not a black suburban, but so much as a Yugo with a coathanger antenna out in the street? It's about understanding the deployment needs and big picture of security.
"hey, I can see myself in the bathroom in the internet.... uh..."
A feeling of having made the same mistake before: Deja Foobar
On pages with non-enlish text (E.G. this one http://aquashop-es.miemasu.net/MultiCameraFrame?Mo de=Motion&Language=1)
change language=1 to language=0 to get english text.
While looking ofr daycare for my kids, I came across a few that offered web based cam viewing of the kids/classrooms. My wife thought it was a great idea til I suggested that anyone could potentially view the kids....sex offenders, children theft services, etc. Sure the school offered password based access, but any system that is turned on can be compromised. Maybe it's the paranoid dad in me, but while it may be nice to see what my kids and teachers are doing, it scares me that some pediphile may be watching what kids are doing, learning their favorite activites, and their overall daily schedule. The ped could even be a parent that has a kid registered at the school making access even easier. So in the end, I axed schools that has cams (especially wireless ones) and convinced my wife based on the reasons above.
Perhaps some places have policies where the camera is on only for certain periods of time that vary weekly and IT departments that verify access logs, but I saw no such plans when I checked.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
Holy crap: "women doing laundry".
graffe.com suggests searching for inurl:"ViewerFrame?Mode=".
You can do slightly bettter by searching for inurl:"MultiCameraFrame?Mode=", as mentioned on Metafilter.
It should be obvious, but any web server that doesn't want to be on google should serve up the appropriate robots.txt file. This includes webcams in their default configuration.
main(O){10<putchar((O--,102-((O&4)*16| (31&60>>5*(O&3)))))&&main(2+ O);}
LN2 is cool!
Johnny at IHackStuff has a huge list of fun things like this you can get from google.
Here is the list of searches for network aware stuff: Google Cached since main site is down
Some search phrases for cameras are: "camera linksys inurl:main.cgi" and
"powered by webcamXP" "Pro|Broadcast"
Don't forget that google can limit results to region by using "site:.jp" or similar.
In any case, I have to admit that one of my guilty pleasures used to be (before the slashdotting) this fun link to... 137 java-controllable webcams around the world: http://www.google.com/search?q=intitle%3Aliveapple t+inurl%3ALvAppl
A certain japanese construction site has made a lot progress lately. :)
Power to the Peaceful
Is this the first recorded instance of a wide array of small webcam servers getting simultaneously slashdotted?
I win:
...
http://63.243.46.98:8081/axis-cgi/mjpg/video.cgi
Runnin' On Empty
Where's the bloody ZOOM!!
There is also a known vulnerability with the root password
/ 12/msg00067.html
http://cert.uni-stuttgart.de/archive/bugtraq/2001
Since most of them are being used as simple security cameras for simi-public areas, there really isn't much secret data that is going to be discovered..
So you can watch cars in a parking lot.. Or people mill around the mall...Big risk there..
I don't see a big deal that most of them are not being locked down. Unless i missed something here..
---- Booth was a patriot ----
Incidentally, Bush was born in Connecticut, so I often wonder why they call Texas his home state.
Adopted, I suppose.
Google - home" Requires installation of activeX plug-in. Great video feeds.
Google - inurl:"ViewerFrame?Mode=Motion"
Google - inurl:LvAppl intitle:liveapplet
Google - intitle:"Live View / - AXIS"
Google - "Powered by webcamXP"
Google - inurl:indexFrame.shtml "Axis Video Server"
Google - "MOBOTIX M1" and "open menu"
Google - intitle:flexwatch intext:"Copyright by Seyeon TECH Co"
Google - intitle:"WJ-NT104 Main"
-- ladies and gentlemen we are floating in space!
It's not really obvious.
:
.
If you don't want your webserver to be 'found' then either
A. don't put it online. (Right)
B. security through obscurity: don't link to it, don't save a record of it. No links = no crawling/spidering.
C. Put it behind a server-wise password
Because in the end, Google may respect robots.txt but I, for one, don't when creating a local cache of a site using HTTrack
And I'd imagine there's search engines which ignore it just as well.
I disagree:
i
http://webcam.magic.iac.es/axis-cgi/mjpg/video.cg
Black and grey are both shades of white.
If you look on axis's site, you see most of them atre ~640x480 resolution, one being 1280x960, toshiba also has one megapixel version but it's astronomically out of price reach for simple applications.
:)
With all of those sub 100 cameras that are going up to 3mpix these days, how come there aren't "HD"webcams or anything similar in the cheap end of the spectrum? it would be good enough for low-level consumer home security, and I'm sure it would sell like crazy. I know the image quality wouldn't be equal to the top webcam using CCD out there, but some application would require more resolution before perfect color reproduction.
Anyways just a thought... If anyone could point me to something that already exists, it would be nice, as I am sure a lot of people here would jump on this...
--- Metamoderating abusive downgraders since my 300th post.
Even eafter this story has been posted and many of the cameras have been slashdotted the admins still wont have a clue.
These have been known for a while. It's hardly breaking news. I visit the site soetimes. There is a lot more than cameras. There are links for usernames, passwords, databases, etc.
a little car shop
Not entirely sure what this is
Japanese fish store
The ______ Agenda
I heard about this sort of security problem when CU-SeeMe first came out years ago and I'm surprised it has become an issue again. Apple's iSight has a built-in iris that closes when you twist the lens, and twisting the lens also doubles as a switch for turning the camera on and off as well as launching iChat AV. Plus, there's a little LED that lets you know when it's on. I always thought that webcams should always have a physical lens cap on them because just for that added security, and never considered getting one until the iSight came out.
Ok, I've clicked on the links mentioned and the results from google and I'm getting weather cams and empty offices.
We all know why we jumped on this story so now somebody needes to deliver!
further, if security is the issue, there are indexes that IGNORE robots.txt file, (and I'm sure there are some that actively look for robots.txt that are exclusionary) not everyone lives by the motto "do no evil"
a spider reading the robots.txt is a nice, perfect world, internet convention, much like SMTP- and we all know how well that ended up.
every day http://en.wikipedia.org/wiki/Special:Random
As David Brin frames it - I've stolen his opinion for this post, the key issues are transparency and egalitarianism.
The fact that we can look is not the problem. The problem with surveillance cameras is when people can look at us, but we can't look back.
Wouldn't it be better if a women going to her car can look at surveillance cameras up the block to make sure she will arrive safely? Or a citizen's watch groups can virtually patrol it's own neighbourhood?
The key problem is when a select few can control and abuse the technology and possibly enforce the law selectively. For example, corrupt cops losing video evidence of them beating someone to death.
I'm not completely sold on the idea, but it's an opinion worth considering.
Transparent Society
http://lobbycamera2.abia.org/view/index.shtml
http://24.234.255.102/axis-cgi/mjpg/video.cgi?came ra=4&resolution=352x240
I saw a couple of college age kids making out on one cam, but that's as close as I have got.
Lets say your local friendly 'protection' dude wanders in to your shop one day asking for money 'or else'.. you can either..
a) inform him that his every move is being watched by a million slashdotters..
b) pull your gun out from under the counter and blow his brains out - then tell the police there's plenty of witnesses to interview.. ;)
Google Error We're sorry... ... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.
We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
OK, so you can do a Google search for part of the URL and find all of the cameras that Google knows about.
But why does Google know about them in the first place?
Google (or any other indexing bot) can't find web pages that don't have a link to them. And, typically, they can only find sites that have links from other sites, or that have been "suggested" to the search engine by a user.
So, somebody put a link to the webcam in a publically-accessible page somewhere. If somebody puts a link to a security cam or a nanny cam in their home page or blog, sure, they can expect the world to be looking in!
If someone tells us, "Get outside more", does this count?
Table-ized A.I.
Meanwhile you probably secretly fantasize about having sex with underage cheerleaders yourself...
In case anyone didn't notice, danila looked up the posting history of FerretFrottage and found a post to use as incriminating evidence against him. This is a rather advanced flaming technique. I am quite impressed. Well done.
My other first post is car post.
Bandwidth is the answer. A camera at 640x480 at 30fps has to have compression turned *way* up to make it out the typical home user's 256k or 512k of upstream bandwidth.
Next, the phillips TriMedia chip and competitors support real-time compression at 640x480 and are available in volume. Chips that can suport compression at higher resolutions aren't made in volume, so are much more expensive.
Finally, if you need high resolution, just switch to a telephoto lens. If you need to look at several areas of detail, use several cameras.