The rapid shift away from traditional analog cameras to Web-based IP cameras has led to the unintended consequence of virtual Peeping Toms, reports Ars Technica.
The problem, it seems, is that many IP camera consumers are either incorrectly securing their IP cameras or not securing them at all. What this means is that anyone with an Internet connection, a rudimentary understanding of the Web, and the right search terms can access multitudes of video streams on the Web, according to freelance journalist Tom Connor.
Finding IP cameras with Google is surprisingly easy. Though the information the search engine provides on the cameras themselves is typically little more than an IP address and a camera name or model number, Google still provides those who know how to ask with extensive lists of IP cameras and Web-enabled surveillance systems throughout the world.
The secret is in the search itself. Though a standard Google search typically won’t find anything out of the ordinary, pairing advanced search operators (“intitle,” “inurl,” “intext,” and so on) with names of commonly used cameras or fragments of URLs will provide direct links to watch live video from thousands of IP cameras.
For example, a standard Google search for “Axis 206M” (a 1.3 megapixel IP camera by Axis) yields pages of spec sheets, manuals, and sites where the camera can be purchased. Change the search to “intitle: ‘Live View / - AXIS 206M,’” though, and Google returns 3 pages of links to 206Ms that are online and viewable. The trick is that instead of searching for anything related to the 206M, the modified search tells Google to look specifically for the name of the camera’s remote viewing page.
Connor also found other interesting vulnerabilities. He gained access to an unsecured pan-tilt-zoom IP camera, which allowed him to move the camera around and zoom in on things.