I’ve been hearing stories about baby cams, nanny cams, laptop cams, computer cams, and inexpensive home security cameras that have been hijacked due to poor or non-existent security setting, and set up for viewing on the camera feed aggregation site www.insecam.org. These feeds are not just nurseries, but bedrooms, living rooms, and a variety of exterior locations. These feds also display GPS coordinates, which makes it trivial to find the exact location of the feed source. See an example below: Is this your living room?
Most of these cameras were set up with the default administrative user name and password unchanged, which makes hacking them and taking them over pretty simple. Then the hijacker can aim, focus, and pipe in music or other audio, including live commentary on your activity. For some interesting example of these activities, check out this article on Sophos.
As we get deeper into “the Internet of Things” it is important to take steps to change the default login credentials on these devices. Yes, I know, more to keep track of, but you can always resort to attaching a label with the new user credentials to the device, so you can find it later. Let’s face it, if they can read the label, you have other problems.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com