IoT Risk: Live Public Video in Private Homes
One of our followers brought to our attention a website that is providing live feeds of cameras located around the world http://www.insecam.org Their concern was in relation to reading a recent Victoria Buzz article about Internet-connected cameras inside private homes in Victoria, BC where they live.
Clearly this is a privacy concern and a security concern, as I will show.
This has to do with the growing trend of the "Internet of Things" (IoT), where Internet connectivity is moving beyond laptops or smartphone and is being integrated into everyday items. Consumer items such as thermostats, light-switches, wall-plugs, water sensors, toys, and cameras are beginning to be connected to the Internet. From a security perspective this raises some concerns. In this particular case, cameras are what I want to discuss a bit.
The unfortunate thing is that this is not an uncommon event in our world. Thankfully today, Internet-connected cameras are better secure than they were 8 years ago. But unfortunately, some of those old cameras are still live. Or some people have purposefully (likely mistakenly) made their cameras public. To make things clear, this is not hacking, as the owners of the devices have made the cameras public for anyone to access. There are other services available that looks for open/public Internet-connected devices such as cameras. Even doing Google searches can reveal live cameras.
The practical usage of this is in something like the BC highway cameras used to show travelers current road conditions http://images.drivebc.ca/bchighwaycam/pub/html/www/index.html. Or cityscapes such as in Vancouver http://www.vancam.ca/
However, publicly accessible video feeds inside private homes is concerning.
This website is simply aggregating the IP address for cameras in an easy to use interface. Again, the site is not hacking into the cameras. This is unfortunate for the people who have installed an unlocked camera in their personal spaces, which likely have no idea how public their video is.
Removing the website will not solve the problem as these cameras can be accessed from any web browser by typing in the public camera address. It is up to the owner of the camera to take it offline or enable security features.
What if you have a camera in your home? The likelihood that by default your camera will publicly stream live video is very unlikely, especially if you have purchased a new camera within the last few years. The default setup with cameras now is to protect them by needing login credentials like a password.
As for threats to hacking, this can be an issue. Anything that connects to the Internet has the potential to be hacked. Such example is with D-Link cameras that had some problems not too long ago in 2016 with flaws that allowed hackers to break into the cameras remotely http://www.pcmag.com/news/345955/d-link-webcams-vulnerable-to-hacking. This flaw is now fixed via updates.
If you buy Internet-connected cameras from reputable brands and keep with updates on those devices, the likelihood of being hacked is minimal. BUT there is always a potential for flaws in the devices to emerge or hackers to break in. Thankfully manufacturers are starting to build more secure internet connected devices but this is still an emerging issue with security. Brands like D-Link are more invested in securing its customers and when issues emerge will work to fix them.
We always get laughs as we show this example in our presentations on how fridges were hacked to distribute spam emails http://www.bbc.com/news/technology-25780908. This example shows how security in everyday items needs to be a serious concern. We all need to treat internet connected devices with the same level of security as we do with our laptops and smartphones.
These are risks anyone who buys Internet-connected devices face.