Attention has recently been drawn to a Russian website which is broadcasting streams of insecure webcams, baby monitors and CCTV system.
The site features feeds and images from over 200 countries and Pakistan is among them. The website has a message that states:
“This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera’s default password.”
A Russian website is selling live streams of webcams from around the world, including from Pakistan
The security issue has been pointed towards people using no passwords or factory default passwords for their devices, and forgetting to turn off remote access when they don’t need it anymore. Hackers simply scan the internet for devices that use default credentials and as it turns out, there are thousands of results.
Cameras from Foscam, Panasonic and Linksys are among the vulnerable devices listed on the site. In response, many manufacturers have already put out software updates which force users to choose a new password. However, hundreds of results are from older devices that are no longer being manufactured and can’t be patched with a software update so customers are being urged to be proactive.
Speaking about the security breach, Gail-Joon Ahn, professor of computer science and engineering at Arizona State University said, “If they don’t care about privacy, I don’t think it will bother them. But in general, it’s security 101. Don’t use the vendor’s default password. It’s time to change our paradigm. The users should be involved in security practices so they can protect their own assets as well.”
Hackers simply scan the internet for webcams that use default passwords and as it turns out, there are thousands of results.
As anyone with even a slight background in security will tell you, this is not new news nor is it a one-off occurrence. There are millions of insecure devices on the internet. For example, Shodan is a search engine dubbed ‘Google for Hackers’. It exposes online devices and that includes smartphones, webcams, routers and even industrial power plants.
These issues are only going to be become more pronounced with time. There has been a movement to usher in the ‘Internet of Things’ in which even your refrigerator talks to the web but no heed is paid to the massive security risks associated with these devices. Manufacturers have shown an amazing ineptitude in providing basic security and users are unaware or simply unwilling to put in the effort to secure their devices themselves.
As a result, someone with simply an internet connection can look into your houses and workplaces. Imagine what someone with actual knowledge can do. Fortunately, the fix is very simple. Start off by simply changing your default passwords on all devices. For example, ‘admin’ and ‘admin’ for your internet router is not a very secure combination. For your smartphones and other devices, try and be aware of any software updates and apply them immediately. Furthermore, make sure that your Wi-Fi networks at home and at your office are encrypted.