Slashdot Mirror

← Back to Stories (view on slashdot.org)

Website Peeps Into 73,000 Unsecured Security Cameras Via Default Passwords

Posted by Soulskill on from the security-through-insecurity dept.

colinneagle writes: After coming across a Russian website that streams video from unsecured video cameras that employ default usernames and passwords (the site claims it's doing it to raise awareness of privacy risks), a blogger used the information available to try to contact the people who were unwittingly streamed on the site. It didn't go well. The owner of a pizza restaurant, for example, cursed her out over the phone and accused her of "hacking" the cameras herself. And whoever (finally) answered the phone at a military building whose cameras were streaming on the site told her to "call the Pentagon."

The most common location of the cameras was the U.S., but many others were accessed from South Korea, China, Mexico, the UK, Italy, and France, among others. Some are from businesses, and some are from personal residences. Particularly alarming was the number of camera feeds of sleeping babies, which people often set up to protect them, but, being unaware of the risks, don't change the username or password from the default options that came with the cameras.

It's not the first time this kind of issue has come to light. In September 2013, the FTC cracked down on TRENDnet after its unsecured cameras were found to be accessible online. But the Russian site accesses cameras from several manufacturers, raising some new questions — why are strong passwords not required for these cameras? And, once this becomes mandatory, what can be done about the millions of unsecured cameras that remain live in peoples' homes?

15 of 321 comments (clear)

  1. Ethics by iluvcapra · · Score: 4, Insightful

    Just because a door is unlocked does not mean you may walk inside, even if it is to tell the owner their door is unlocked.

    --
    Don't blame me, I voted for Baltar.
    1. Re:Ethics by Ichijo · · Score: 5, Interesting

      How would a good person inform the owner that their door is unlocked if the only way is contact them is to walk inside? Or is the correct response to just walk away?

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    2. Re:Ethics by Anonymous Coward · · Score: 5, Interesting

      That analogy certainly applies to the Russian website that is streaming the videos, but I think the blogger who has discovered this website that is streaming videos from people's homes and then tried to contact the owners is more like someone seeing their neighbors door open, some people that shouldn't be there walking out the door and then peaking in the door and calling out to see if everything is okay or letting them know when they get home that someone was in their house.

    3. Re:Ethics by arth1 · · Score: 4, Insightful

      Just because a door is unlocked does not mean you may walk inside, even if it is to tell the owner their door is unlocked.

      No, but it also doesn't mean you're not an idiot for not locking your door.

      Blame is not a limited commodity - you can add blame to the idiots who don't take precautions without removing any blame from those who break in. Point fingers in both directions. The breeches is a cooperation of the idiots and the outers.

      When and why did being an idiot become a right?

    4. Re:Ethics by fahrbot-bot · · Score: 4, Informative

      I know you are joking, but the line was plagiarized/borrowed. The original line was "life, liberty, and the pursuit of property". But It wasn't simply about the right to accumulate a bunch of luxuries; in context, it was referring to the pursuit of things that are somehow relevant to a satisfying and productive life. So it would be the right to pursue home ownership for your family, maybe fields for farming, and for many ./ers, it would be the right to accumulate gadgets, for the musically inclined, the right to procure instruments, etc. It doesn't take much of a stretch to go from this sort of enlightened satisfaction, to calling it merely "happiness" for simplicity.

      Take it from someone who, at 51, is debt-free, has a net-worth of almost $2M, but lost his wife in 2006 after 20 years together, "property" does not make "happiness". Though having "things" might make your pursuit of satisfaction and/or productivity (whatever that means to you) easier, property is a means to an end. Happiness is something you realize from within and, possibly, experience with someone else.

      Even after 20 years together, Sue and I held hands where ever we went - I miss that and nothing else I have can, or could ever, compensate for losing her. Remember Sue...

      The line is better written as, "the pursuit of happiness."

      --
      It must have been something you assimilated. . . .
  2. try telling this to old people by alen · · Score: 4, Interesting

    my father in law went to the at&t store with help on his wifi only ipad. he's totally confused by the need for an itunes store account password, wifi password on his home wifi and wifi passwords at other places

    1. Re:try telling this to old people by Anonymous Coward · · Score: 5, Insightful

      Tell him they're like keys on a keyring. You need a different key to unlock your desk draw even after you've unlocked your house. And when you go to someone else's house, your key doesn't work for them.

  3. People buy stuff without understanding is... by FlyHelicopters · · Score: 4, Informative

    Film at 11...

    The truth is, many people are using technology today without really understanding any of it. Even my own wife is pretty gumby with computers, if I wasn't there to do something about it, I have no doubt they would be full of malware and viruses.

    To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

    Yea, I have to say, I have to clean her machine off of crap every year. Every time I go over there, Internet Explorer has 5 or 6 toolbars installed because she clicks on everything.

    And no, she won't let me restrict and lock down the machine, I've tried that.

    1. Re:People buy stuff without understanding is... by arth1 · · Score: 5, Insightful

      To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

      That sounds like "I don't want to learn all that traffic stuff, I just want to drive on the highway."

      It might be better if there were two classes of devices, one run by others for them, and ones you drive yourself. All some people need is the equivalent of public transportation. We don't let people drive cars or fly planes without some basic skills, and while most don't get good at it, at least good enough to not be an instant hazard for everybody else.

       

    2. Re:People buy stuff without understanding is... by Jason+Levine · · Score: 5, Insightful

      Many people look at computers as if they are appliances. You don't need to know how to configure your toaster. You just plug it in and toast your bread. You don't need to edit some config file to make your refrigerator keep your food cold. Any "settings" come in the form of easy-to-read dials or buttons. Turn the dial on the stove and the heat goes on/up. Turn it the other way and it goes off. There's a group of people who expect computers to act like this. Unfortunately, computers are far more complex than any fridge or stove - especially once you go online and you are opened up to all of the security issues that this entails.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    3. Re:People buy stuff without understanding is... by arth1 · · Score: 4, Insightful

      Because you can plow your computer into a sidewalk full of pedestrians. Totally great analogy, that.

      Yes, you can. Your computer can be used as a base for attacking critical infrastructure, because you allowed it to be.
      Or you let someone get to your credit card information so you can't afford medication a week.
      Or your router gets disabled so you can't dial for help through your IP phone.
      Or somone finds classified information on your PC and uses it for nefarious purposes costing lives.
      The possibilities are there. Bits and bites can kill people these days.

  4. Re:Place the blame where it belongs by Imazalil · · Score: 4, Insightful

    But if a large number of users are not able to use their devices properly (ie. secure them) is that not the fault of the device maker? This isn't even about strong passwords, but just default passwords.

    It's a known fact that the general public is not security conscious, and that they do not read through manuals. Shouldn't the makers of these systems work towards making some basic security the default?

    The best, but not very good example is Windows. Microsoft provides lots of guidance on how not to get viruses or malware on Windows. Does that mean they get to wash their hands of anything that infects their user's machines when they open powerpoint slides from uncle Bob? Technically yes, but they do have some duty to make their product more secure because they know full well a large number (the majority) of people will click on any link that lands in their inbox.

  5. Not just cameras by RobinH · · Score: 5, Interesting

    Cameras are a problem, but it's not just cameras anymore. Nest thermostats, for instance, have occupancy sensors and they connect to the internet to work. So your thermostat tells a server on the internet if anyone's home (potentially). Smart meters have similar problems. We recently bought a temperature sensor (AVTECH brand) for our small server closet, and it automatically connected to GoToMyDevices.com as soon as I got it on the network, and started uploading sensor data. There was nowhere in the device's built-in web interface to enable or even disable this "feature". Nothing in the documentation. I looked online and found a forum where it explained that you had to telnet to the device, and at the main menu you had to select a hidden menu item, and then type a command to turn off this feature. It's that kind of absurdity that makes the whole "internet of things" just a house of cards waiting to collapse.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  6. Re:what's the fucking site? by nukenerd · · Score: 4, Informative

    http://www.insecam.com/

  7. Re:Why not strong passwords? by phantomfive · · Score: 4, Informative

    Default, simple or non-existent passwords on consumer appliances have nothing to do with programmers.

    So, I had a wireless router once that would not turn on until I changed the password. It is very much a problem that can be solved by programmers.

    --
    "First they came for the slanderers and i said nothing."