Slashdot Mirror
Website Peeps Into 73,000 Unsecured Security Cameras Via Default Passwords
colinneagle writes: After coming across a Russian website that streams video from unsecured video cameras that employ default usernames and passwords (the site claims it's doing it to raise awareness of privacy risks), a blogger used the information available to try to contact the people who were unwittingly streamed on the site. It didn't go well. The owner of a pizza restaurant, for example, cursed her out over the phone and accused her of "hacking" the cameras herself. And whoever (finally) answered the phone at a military building whose cameras were streaming on the site told her to "call the Pentagon."
The most common location of the cameras was the U.S., but many others were accessed from South Korea, China, Mexico, the UK, Italy, and France, among others. Some are from businesses, and some are from personal residences. Particularly alarming was the number of camera feeds of sleeping babies, which people often set up to protect them, but, being unaware of the risks, don't change the username or password from the default options that came with the cameras.
It's not the first time this kind of issue has come to light. In September 2013, the FTC cracked down on TRENDnet after its unsecured cameras were found to be accessible online. But the Russian site accesses cameras from several manufacturers, raising some new questions — why are strong passwords not required for these cameras? And, once this becomes mandatory, what can be done about the millions of unsecured cameras that remain live in peoples' homes?
The most common location of the cameras was the U.S., but many others were accessed from South Korea, China, Mexico, the UK, Italy, and France, among others. Some are from businesses, and some are from personal residences. Particularly alarming was the number of camera feeds of sleeping babies, which people often set up to protect them, but, being unaware of the risks, don't change the username or password from the default options that came with the cameras.
It's not the first time this kind of issue has come to light. In September 2013, the FTC cracked down on TRENDnet after its unsecured cameras were found to be accessible online. But the Russian site accesses cameras from several manufacturers, raising some new questions — why are strong passwords not required for these cameras? And, once this becomes mandatory, what can be done about the millions of unsecured cameras that remain live in peoples' homes?
Film at 11...
The truth is, many people are using technology today without really understanding any of it. Even my own wife is pretty gumby with computers, if I wasn't there to do something about it, I have no doubt they would be full of malware and viruses.
To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".
Yea, I have to say, I have to clean her machine off of crap every year. Every time I go over there, Internet Explorer has 5 or 6 toolbars installed because she clicks on everything.
And no, she won't let me restrict and lock down the machine, I've tried that.
Strong passwords are not mandatory because it's the responsibility of the user to read the instructions and secure the device. If they don't, they have no reason to complain. It was their choice to disregard the instructions.
A question is whether people who are that stupid should be allowed to own surveillance devices. The risk of stupid people reacting inappropriately to real situations and causing harm instead of preventing it seems rather high.
When and why did being an idiot become a right?
It's right there in the Declaration of Independence (for people in the US anyway) -- "Life, Liberty and the pursuit of Happiness" -- and ignorance is bliss (or so I've heard...)
It must have been something you assimilated. . . .
http://www.insecam.com/
This is because of people who are too lazy or too intimidated by technology to understand it. You buy the camera, many times you open a port on a router, but you fail to change the password. I am not going to blame the manufacturer for that.
However, manufacturers could make the default a lot more secure by using methods to randomize the default passwords of the cameras. I've setup routers where the default password is printed on a plate on the bottom (next to the mac address and default IP). This gives you a degree of randomness and makes brute force near impossible without physical access to the device. This way, the user still has the freedom to change to a blank password, 'password' as password etc. if they choose to unprotect themselves. But the default becomes reasonably secure.
This is mostly a problem with users, but sometimes the manufacturer needs to adjust the process to help the intimidated, ignorant, or lazy user along.
Default, simple or non-existent passwords on consumer appliances have nothing to do with programmers.
So, I had a wireless router once that would not turn on until I changed the password. It is very much a problem that can be solved by programmers.
"First they came for the slanderers and i said nothing."
... after an hour of poking around. Nothing to see.
It little behooves the best of us to comment on the rest of us.
There looks to be 255 'territorial' top level domains ("country code" TLDs) - not all of which are acknowledged as countries in say, the UN.
That 255 includes: .zr, .an, .cs, .dd no longer exist as countries
1 for European Union
1 for Antarctica
2 for Russia
2 for East Timor
2 for UK
yu,
a crapload of administrative/dependent territories that are inconsistently applied. ie: Canada's "territories" do not get TLDs but similar entities in other countries do.
I know you are joking, but the line was plagiarized/borrowed. The original line was "life, liberty, and the pursuit of property". But It wasn't simply about the right to accumulate a bunch of luxuries; in context, it was referring to the pursuit of things that are somehow relevant to a satisfying and productive life. So it would be the right to pursue home ownership for your family, maybe fields for farming, and for many ./ers, it would be the right to accumulate gadgets, for the musically inclined, the right to procure instruments, etc. It doesn't take much of a stretch to go from this sort of enlightened satisfaction, to calling it merely "happiness" for simplicity.
Take it from someone who, at 51, is debt-free, has a net-worth of almost $2M, but lost his wife in 2006 after 20 years together, "property" does not make "happiness". Though having "things" might make your pursuit of satisfaction and/or productivity (whatever that means to you) easier, property is a means to an end. Happiness is something you realize from within and, possibly, experience with someone else.
Even after 20 years together, Sue and I held hands where ever we went - I miss that and nothing else I have can, or could ever, compensate for losing her. Remember Sue...
The line is better written as, "the pursuit of happiness."
It must have been something you assimilated. . . .