CIO

Insecam Web site should terrify those who use a default webcam password

Anything that's connected to the Web can be hacked, especially if you leave the default password in place.
  • Mark Hachman (PC World (US online))
  • 08 November, 2014 06:43

You know enough about security to change the default password of your router, but do you take the same precautions with your webcam? A new site, Insecam, claims to exploit thousands of webcams with default passwords in the name of security.

Don't expect to be able to visit and peer willy-nilly into the lives of unsuspecting citizens around the globe, however. It appears that the site may be routing IP streams through its own servers, allowing it to serve ads next to the pictures of warehouses, restaurants, and gyms. In fact, the vast majority of the site appears to be swamped, with video images quickly replaced by "broken picture" icons in your Web browser. It's the principle that counts, though.

Clicking on an individual stream gives you the IP camera's location, the model used, and the username and password--usually some variation on "admin." Fortunately, the site's search tools are virtually nonexistent, preventing you from searching for a particular city (although a site search via Google will do the trick).

By claiming to make webcam snooping simple, however, the site once again highlights the fact that eyes in the sky--or in your kid's bedroom--can be connected to just about anyone with the right credentials. Even pitch blackness isn't an escape for some cameras.

In a FAQ, Websecam says they do what they do in the interests of security. "These cameras are not hacked," the site says. "Owners of these cameras use default password by unknown reason. There are a lot of ways to search such cameras in internet using google, search software or specialised search sites."

The site then goes on to list several links--none of which are as convenient as Websecam, however.

The bottom line is this: Whether or not the site offers an easily exploited way to peer into the daily lives of others, you can prevent it from happening to you. Change the default password. If everyone does this, there won't be any reason for creepy sites like Insecam to exist.

Why this matters:  If it's online, it can be hacked. But there's no reason to make it easy. We safeguard our banking information, our email, and even our phones. Forget the NSA; this should be an example of what not to do to prevent your neighbor from peering into your home.