Thursday, 20 November 2014

Do you have an unsecured IP address baby cam or CCTV?

A website containing thousands of live feeds from baby monitors, webcams and CCTV systems is broadcasting these cams.

Data watchdogs across the world have drawn attention to the Russian-based site, which broadcasts footage from systems using either default passwords or no log-in codes at all.

The site lists streams from more than 250 countries.

It currently provides 500 feeds from the UK alone.

They include what appear to be images from:
  1. an office in Warwickshire
  2. a child's bedroom in Birmingham
  3. a home's driveway in Nottinghamshire
  4. a gym in Manchester, a pub in Salford
  5. a shop interior in London
Some of the feeds showed a static image but did not otherwise appear to be working.
Camera owners are being urged to check their equipment and set hard-to-guess passwords containing a mixture of lower and upper case letters, numbers and other characters.

The privacy watchdogs have provided the name of the site to the media, however the BBC has opted not to publish it.

The UK's Information Commissioner's Office acknowledged that other members of the press might reveal the details, guiding people to the feeds.

The underlying problems with this don't just relate to this one webcam site, but potentially to anyone who uses a default password on any device.

Password problems
The site in question lists the feeds both by country and by device manufacturer.

China-based Foscam was the most commonly listed brand, followed by Linksys and then Panasonic.

Foscam camera Owners of old Foscam baby monitors and webcams may be unaware of the risks

Password tips:
The University of Surrey's Prof Alan Woodward is among security experts who have suggested internet users should now update their login details.

He suggests the following rules should be observed when picking a new password.
Don't choose one obviously associated with you

Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.

  1. Choose words that don't appear in a dictionary
  2. Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.
  3. Use a mixture of unusual characters
  4. You can use a word or phrase that you can easily remember but where characters are substituted, eg Myd0gha2B1g3ars!
  5. Have different passwords for different sites and systems
  6. If hackers compromise one system you do not want them having the key to unlock all your other accounts.
Keep them safely
With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.

No comments:

Post a Comment