As more and more IP cameras get connected to the Web, it's easy for voyeurs to find unsecured cameras and do what they do best: watch.
The rapid shift away from traditional analog cameras to Web-based IP cameras has led to the unintended consequence of virtual Peeping Toms, reports Ars Technica.
The problem, it seems, is that many IP camera consumers are either incorrectly securing their IP cameras or not securing them at all. What this means is that anyone with an Internet connection, a rudimentary understanding of the Web, and the right search terms can access multitudes of video streams on the Web, according to freelance journalist Tom Connor.
Finding IP cameras with Google is surprisingly easy. Though the information the search engine provides on the cameras themselves is typically little more than an IP address and a camera name or model number, Google still provides those who know how to ask with extensive lists of IP cameras and Web-enabled surveillance systems throughout the world.
The secret is in the search itself. Though a standard Google search typically won’t find anything out of the ordinary, pairing advanced search tags (“intitle,” “inurl,” “intext,” and so on) with names of commonly-used cameras or fragments of URLs will provide direct links to watch live video from thousands of IP cameras.
For example, a standard Google search for “Axis 206M” (a 1.3 megapixel IP camera by Axis) yields pages of spec sheets, manuals, and sites where the camera can be purchased. Change the search to “intitle: ‘Live View / - AXIS 206M,’” though, and Google returns 3 pages of links to 206Ms that are online and viewable. The trick is that instead of searching for anything related to the 206M, the modified search tells Google to look specifically for the name of the camera’s remote viewing page.
Connor also found other interesting vulnerabilities. He gained access to an unsecured pan-tilt-zoom IP camera, which allowed him to move the camera around and zoom in on things.
Further Googling turned up unsecured IP cameras installed in retail shops, which, naturally, doesn't seem wise. As Connor notes, if a thief could tie the camera's IP address to the store's specific location, the streaming video could be used by a criminal to case a target and determine the ideal time to rob it. In the most disconcerting instance, Connor accessed a public IP camera watching over an intersection in College Station, Texas.
And Connor's right, it's incredibly simple to access unsecured IP cameras. After reading his piece, I was able to view an unprotected IP camera in less than two minutes. All I did was follow the search terms he provided, find a camera's IP address, and copy and paste it into my Web browser. Instantly I was watching a lakefront view of an American flag blowing in the wind, which also displays the address of a Web site full of family vacation photos.
So a useful reminder for IP camera customers: Unless you want the unwashed masses of the Internet using your IP camera to gawk at whatever it is you're streaming, secure your IP cameras.
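For camera owners who want to act on that reminder, the sketch below is an added example (not from the original article or from Ars Technica) that audits the HTTP response of a camera you own for the conditions described above: a viewing page served without authentication, a title that identifies it as a camera page, and no noindex directive. The function name `audit_response` and both sample responses are hypothetical and constructed for illustration.

```python
from html.parser import HTMLParser

class _PageInfo(HTMLParser):
    """Collects the <title> text and any <meta name="robots"> directive."""
    def __init__(self):
        super().__init__()
        self.title, self.robots, self._in_title = "", "", False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.robots = (a.get("content") or "").lower()

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_response(status, headers, body):
    """Return findings for one HTTP response from a camera you own (hypothetical helper)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status != 200 or "www-authenticate" in hdrs:
        return []  # viewer is not served to anonymous visitors
    page = _PageInfo()
    page.feed(body)
    findings = ["viewing page served without authentication"]
    if "live view" in page.title.lower():
        findings.append("title identifies a camera page: " + page.title.strip())
    robots = hdrs.get("x-robots-tag", "").lower() + " " + page.robots
    if "noindex" not in robots:
        # noindex only keeps the page out of search results; authentication is the fix
        findings.append("page is indexable by search engines")
    return findings

# Constructed sample responses, not captured from any real device.
EXPOSED = (200, {"Content-Type": "text/html"},
           "<html><head><title>Live View / - AXIS 206M</title></head><body></body></html>")
PROTECTED = (401, {"WWW-Authenticate": 'Basic realm="camera"'},
             "<html><title>401 Unauthorized</title></html>")

if __name__ == "__main__":
    for name, resp in (("exposed", EXPOSED), ("protected", PROTECTED)):
        print(name, audit_response(*resp))
```

An empty result for the unauthenticated request is the goal; a page that is merely hidden from search engines is still reachable by anyone who has its address.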
♦ Photo from SingaporeSkyCam2 by ngotoh/Flickr