If You Didn’t Change the Default Password on Your Security Camera, Someone’s Probably Watching It Stream
by Kate Cox, Consumerist
Remote access has been a boon to many industries. Home security cameras, for example: not only can you keep an eye on your property in case anything bad happens, but you can do it in real-time, instead of reviewing footage after the fact. But cameras protecting the security of your home may in fact need a serious security helper of your own. And running tens of thousands of searchable livestreams from unwitting camera owners who didn’t change default the access passwords on their devices is certainly one (unethical, intrusive) way to make the point.
One site does exactly that, as Vice reported recently. The site runs live streams of feeds from tens of thousands of IP cameras around the world.
Users buy the devices — think nanny cams, baby monitors, and home security — to keep an eye on their families, valuables, and property. But with poor security practices, anyone and everyone else can keep an eye on your goods, too.
Cameras designed to be accessed remotely, as these are, have passwords. And they ship with default passwords, that users are supposed to change during the set-up processes. Only, many users don’t. (Even when they do, admittedly, people are often objectively terrible at passwords.)
That makes it easy for someone with an idea for a website to come along and write a script that looks for cameras on the internet, then tries the default password on them and adds the feed to a public collection if that password works.
Federal Trade Commission: Using IP Cameras Safely