Webcam users are being warned once more to check the security of their devices, after a white hat cybercrime researcher found feeds from more than 15,000 private cameras being broadcast online.
Avishai Efrat of VPN advice site WizCase discovered feeds from private webcams, set up not just in homes but also businesses, private institutions and places of worship. The news is especially worrisome, Efrat claims, as it could give hackers insider information they could use for future phishing campaign – or even footage that could be used to blackmail individuals or organisations.
A whole host of manufacturers were among those displaying a vulnerability, including AXIS net cameras, Cisco Linksys, Mobotix and Yawcam.
The feeds were, Efrat said, “inside the kitchens, living rooms [and] offices of private family homes – including a live feed of people on the phone and children peeking at the camera directly. [Also] tennis courts, storage units, hotels, museum security feeds, churches, mosques, parking lots, gyms, and more.”
This vulnerability is thought to have its roots in two places. Firstly, the manufacturers didn’t put measures in place so the webcams could secure themselves when first installed – through password authentication or IP/MAC address whitelisting, for example. Secondly, the users themselves hadn’t taken the necessary precautions to ensure their webcams were not able to be accessed.
Whilst this issue concerns specific webcams, it shines a light on broader measures that need to be taken before the IoT reaches full market saturation. Internet-connected devices are not being sold with the relevant security measures in place, and users themselves aren’t sufficiently up to speed with the dangers that lie in not doing keeping them secure – or equipped with the knowledge of how to most effectively do so. As cyber security expert Graham Cluley noted, it seems that manufacturers have prioritised ease-of-use and simple installation processes over security – thereby leaving users massively exposed.