I’ve been hearing stories about baby cams, nanny cams, laptop cams, computer cams, and inexpensive home security cameras that have been hijacked due to poor or non-existent security setting, and set up for viewing on the camera feed aggregation site www.insecam.org. These feeds are not just nurseries, but bedrooms, living rooms, and a variety of exterior locations. These feds also display GPS coordinates, which makes it trivial to find the exact location of the feed source. See an example below: Is this your living room?
Most of these cameras were set up with the default administrative user name and password unchanged, which makes hacking them and taking them over pretty simple. Then the hijacker can aim, focus, and pipe in music or other audio, including live commentary on your activity. For some interesting example of these activities, check out this article on Sophos.
As we get deeper into “the Internet of Things” it is important to take steps to change the default login credentials on these devices. Yes, I know, more to keep track of, but you can always resort to attaching a label with the new user credentials to the device, so you can find it later. Let’s face it, if they can read the label, you have other problems.