A new website has launched that allows people to watch live footage from insecure cameras. In this guest post, Simon Rice of the ICO issues a warning and explains how to protect yourself from prying eyes.
The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras.
The footage is being collected from security cameras used by businesses and members of the public, ranging from CCTV networks to keep large premises secure, down to built-in cameras on baby monitors. And with 350,000 of these cameras sold in the UK alone last year, this is a threat that all of us need to be aware of and be taking action to protect against.
So what actions should you be taking right now to make sure people aren’t able to access the information being filmed by your device?
Change your default password
If you take only one security step when getting any new device, make sure it’s setting a strong password.
When you begin using your camera you may be given a simple default password that you’ll need to enter to get the device working. This might be blank or something as simple as ‘password’ or ‘12345’ but, even if it isn’t, the default passwords many manufacturers use are freely available online so make sure you get it changed. If the device doesn’t have a password, then you should set a strong password up.
Check all the available security settings
Most camera systems come with instructions explaining how to keep the footage you’re capturing secure. While it’s perfectly natural for you to want to set your camera up as quickly as possible, take time to read the manual and familiarise yourself with the security options available to you.
The ability to access footage remotely is both an internet cameras biggest selling point and, if not setup correctly, potentially its biggest security weakness. Remember, if you can access your video footage over the internet then what is stopping someone else from doing the same?
You may think that having to type in an obscure web address to access the footage provides some level of protection. However, this will not protect you from the remote software that hackers often use to scan the internet for vulnerable devices. In some cases, insecure cameras can be identified using nothing more than an internet search engine.
Turn off remote webcam viewing
If you have a camera in your home and have no intention of viewing the footage over the internet, then the best thing to do is to go into the device’s security settings and see if you can turn the remote viewing option off. Selecting this option will not normally stop you from viewing the footage using your home Wi-Fi network, however read the manufacturer’s instructions to see what controls are available on your device. As a last resort, you can always cover the lens if you don’t want to use the camera all of the time.
You should ensure you have strong passwords for your laptop, computer or tablet, and any cloud that your data may be stored on. Two-step authentication can also offer you an additional layer of security when logging into an online service.
We’re currently working with other global data protection and privacy authorities on collaborative action connected to the website showing unsecure webcam images.
Do you have a webcam that can be accessed remotely? What steps have you taken to protect yourself?
Which? Conversation provides guest spots to external contributors. This is by Simon Rice, ICO Group Manager for Technology. All opinions expressed here are Simon’s own, not necessarily those of Which?.