Insecure IP cameras: tap into surveillance cameras in the browser

Inadequately protected security cameras are an Eldorado for criminals, burglars and identity theft

There are countless IP cameras, surveillance systems that can be integrated into the WLAN, and similar technology on the market that can easily be hacked if insufficiently secured. In the 21/2017 issue, ComputerBILD showed some unsafe manufacturers and models of WLAN surveillance cameras. Under the headline "Sloppy protection. Deceptive security.“There was also an indication of how easy it is to select insecure IP cameras directly in the web browser and call up their images / video streams. Apparently there are 700 unprotected cameras in Germany alone.

Insecure IP cameras, i.e. WLAN surveillance cameras that operate without password protection and encryption, can be tapped and spied on online!

Insecure IP cameras, i.e. WLAN surveillance cameras that operate without password protection and encryption, can be tapped and spied on online!

Insecure IP cameras: Big Brother is everywhere!

By sloppy programming, according to ComputerBILD, manufacturers of surveillance cameras ensure that they monitor the house, apartment, garage, office or garden and make pictures / videos available to the user, but also make them accessible to criminals. Sure, a surveillance camera scares off many so that they don't even attempt a break-in. But if intelligent criminals discover insecure IP cameras, they can be tapped. The hackers (or beneficiaries of hacking offers) can then see when nobody is at home and which area is being monitored.

Support Sir Apfelot on SteadyHQ

Alternative to the IP camera: Game camera for surveillance

Passwords, mail addresses, FTP access, etc. become visible

If a manufacturer skimps on security, then insecure IP cameras can do more damage than they prevent. Because, on the one hand, cheap surveillance cameras already offer the images of which can be sent via WLAN to the Internet or to a smartphoneApp arrive, many functions such as night vision, etc., but the corresponding data lines are often poorly secured. In addition to image transmission, cybercriminals (according to ComputerBILD) can theoretically also access WLAN passwords, e-mail addresses and data transmission protocols (FTP, File Transfer Protocol). Digital security is thus given up on the user side.

Surveillance without WiFi: SecaCam HomeVista in the test

Insecam: Tap into unprotected surveillance cameras

In the article of the named trade journal you can find the reference to a website with the address insecure.org. Here you can find pictures and streams from tapped IP cameras all over the world. An elevator in the USA, a swimming pool in the Czech Republic, a fast food restaurant in Vietnam or a private apartment in Hong Kong? All this and more can be called up there using the preview images:

Insecam taps unprotected surveillance cameras around the world and offers images or live streams directly in the web browser - regardless of whether it is a commercial or private security camera.

Insecam taps unprotected surveillance cameras around the world and offers images or live streams directly in the web browser - regardless of whether it is a commercial or private security camera.

The offer on the Big Brother site, on which you can sort the unauthorized surveillance by country, manufacturer, time zone, etc., is presented entirely in business style. As if tapping insecure IP cameras is the most normal thing in the world. I once translated part of the text on the homepage from English into German:

"Welcome to the Insecam project. The world's largest directory of online surveillance cameras / security cameras. Select a country to view live street, traffic, parking, office, beach and Earth online webcams. Now you can search for live webcams all over the world. You can find Axis, Panasonic, Linksys, Sony, TPLink, Foscam and a host of other network video cams available online without a password."

In the FAQ of the site there is a note that the cameras whose pictures and videos are made available have not been hacked. They just don't have a password and can therefore be accessed by anyone and from anywhere. In addition, no built-in webcams or USB webcams are affected by the site and its offer.

Shodan: Unprotected smart devices end up on the internet

In the above-mentioned article in ComputerBILD 21/2017 there is also a reference to the shodan.io website. This site proudly presents itself as "the world's first search engine for internet connected devices". So if you use the Internet of Things (IoT) with your household appliances, garage doors, lights, blinds, etc., you might find your unsafe devices here again - according to ComputerBILD, 500 million devices are already listed!

Shodan is a search engine for smart devices that are insecurely integrated into the WLAN. Around 500 million insecure IP cams and other devices should be selectable worldwide.

Shodan is a search engine for smart devices that are insecurely integrated into the WLAN. Around 500 million insecure IP cams and other devices should be selectable worldwide.

Series in which a smart home is doomed: Mr Robot (Amazon Exclusive)

Manufacturers have to offer more security

Insecure IP cameras, i.e. WLAN surveillance cameras that users can call up via the provider website or app on smartphones and tablets, are not always secure. Especially when the providers always use the same passwords for the software and give the user neither the hint nor the chance to change the access data. Some manufacturers / brands such as Gigaset and Maginon want to solve their problems with firmware updates. So if you use an IP camera, then update it soon. AND: Read the operating instructions carefully. Because sometimes there are hints of possible safety precautions.

Conclusion on unsafe surveillance cameras

Insecure IP cameras are apparently not uncommon and you should always pay attention to individual password protection with the Internet of Things (IoT) and the integrated devices of your smart home. Before buying, it is better to ask the manufacturer how the systems are protected, whether the data lines are encrypted and so on.

Have you ever had to deal with insecure IP cameras or have you unwittingly opened the gates for criminals? Feel free to leave a comment on the topic!

Source website

-
Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

1 comment

  1. Thomas N says:

    It's almost frightening when you consider that certain IP cameras can be controlled with the right Google abbreviations, i.e. the right search parameters. The cameras can even be swiveled to some extent. And ultimately only because the companies allow remote access or do not assign a password. Incredible that even employees can be spied on in this way.

Leave a Comment

Your e-mail address will not be published.