These days, it’s not just computers that have passwords. More and more devices can be connected to the Internet or wi-fi: routers, printers, security cameras, or home environmental controls. Obviously security is an important issue: after all, you don’t want someone taking over your home. But how many of us don’t bother to change the default passwords? It’s a surprising number, if the recently discovered voyeur site Insecam is anything to go by. (Note: we are not linking to the site for obvious reasons: this links to an article by the person who discovered it.)
The site owners have trawled the Net for the IP addresses of security cameras. They then try out the standard default logins and passwords for the popular models – often simple things like 1234, 9999, user1, admin, or the manufacturer’s name. Some models don’t even have passwords by default. They can then find out where the camera is located, often linked to Google Street View, so you can get the address and even a picture of the building.
The site currently lists a staggering 73,000 locations, in 256 countries. Over 11,000 of them are in the US, mostly private homes. Many locations have up to 16 channels, enabling visitors to see multiple cameras in the building.
You can see right into unsuspecting owners’ bedrooms, children’s rooms, and living rooms without their knowledge. You can watch people sleeping, getting dressed, or going about their daily lives, unaware of the fact that literally anyone in the world can see them. The cameras that they thought were providing them security are exposing their private lives to public view. Thieves can check whether you’re home, or see where you hide your valuables. Other uses are much more sinister and unsettling.
This has happened before. Last year, a site called TRENDnet listed over 400 vulnerable cameras. It was shut down by the FTC, but that shouldn’t make you feel safe. This new site, located in Russia, has over 200 times as many cameras on its list, and it’s unlikely to be subject to the jurisdiction of the FTC.
You can’t rely on the law to protect you. You should always change the default login and password for every single device you own: your wi-fi router, your printer, games consoles, and cameras.