Insecure IP cameras: tap into surveillance cameras in the browser

There are countless IP cameras, surveillance systems that can be integrated into the WLAN, and similar technology on the market that can easily be hacked if insufficiently secured. In the 21/2017 issue, ComputerBILD showed some unsafe manufacturers and models of WLAN surveillance cameras. Under the headline "Sloppy protection. Deceptive security.“There was also an indication of how easy it is to select insecure IP cameras directly in the web browser and call up their images / video streams. Apparently there are 700 unprotected cameras in Germany alone.

Insecure IP cameras: Big Brother is everywhere!

By sloppy programming, according to ComputerBILD, manufacturers of surveillance cameras ensure that they monitor the house, apartment, garage, office or garden and make pictures / videos available to the user, but also make them accessible to criminals. Sure, a surveillance camera scares off many so that they don't even attempt a break-in. But if intelligent criminals discover insecure IP cameras, they can be tapped. The hackers (or beneficiaries of hacking offers) can then see when nobody is at home and which area is being monitored.

Alternative to the IP camera: Game camera for surveillance

Passwords, mail addresses, FTP access, etc. become visible

If a manufacturer skimps on security, then insecure IP cameras can do more damage than they prevent. Because, on the one hand, cheap surveillance cameras already offer the images of which can be sent via WLAN to the Internet or to a smartphoneApp arrive, many functions such as night vision, etc., but the corresponding data lines are often poorly secured. In addition to image transmission, cybercriminals (according to ComputerBILD) can theoretically also access WLAN passwords, e-mail addresses and data transmission protocols (FTP, File Transfer Protocol). Digital security is thus given up on the user side.

Surveillance without WiFi: SecaCam HomeVista in the test

Insecam: Tap into unprotected surveillance cameras

In the article of the named trade journal you can find the reference to a website with the address insecure.org. Here you can find pictures and streams from tapped IP cameras all over the world. An elevator in the USA, a swimming pool in the Czech Republic, a fast food restaurant in Vietnam or a private apartment in Hong Kong? All this and more can be called up there using the preview images:

The offer on the Big Brother site, on which you can sort the unauthorized surveillance by country, manufacturer, time zone, etc., is presented entirely in business style. As if tapping insecure IP cameras is the most normal thing in the world. I once translated part of the text on the homepage from English into German:

"Welcome to the Insecam project. The world's largest directory of online surveillance cameras / security cameras. Select a country to view live street, traffic, parking, office, beach and Earth online webcams. Now you can search for live webcams all over the world. You can find Axis, Panasonic, Linksys, Sony, TPLink, Foscam and a host of other network video cams available online without a password."

In the FAQ of the site there is a note that the cameras whose pictures and videos are made available have not been hacked. They just don't have a password and can therefore be accessed by anyone and from anywhere. In addition, no built-in webcams or USB webcams are affected by the site and its offer.

Shodan: Unprotected smart devices end up on the internet

In the above-mentioned article in ComputerBILD 21/2017 there is also a reference to the shodan.io website. This site proudly presents itself as "the world's first search engine for internet connected devices". So if you use the Internet of Things (IoT) with your household appliances, garage doors, lights, blinds, etc., you might find your unsafe devices here again - according to ComputerBILD, 500 million devices are already listed!

Series in which a smart home is doomed: Mr Robot (Amazon Exclusive)

Manufacturers have to offer more security

Insecure IP cameras, i.e. WLAN surveillance cameras that users can call up via the provider website or app on smartphones and tablets, are not always secure. Especially when the providers always use the same passwords for the software and give the user neither the hint nor the chance to change the access data. Some manufacturers / brands such as Gigaset and Maginon want to solve their problems with firmware updates. So if you use an IP camera, then update it soon. AND: Read the operating instructions carefully. Because sometimes there are hints of possible safety precautions.

Conclusion on unsafe surveillance cameras

Insecure IP cameras are apparently not uncommon and you should always pay attention to individual password protection with the Internet of Things (IoT) and the integrated devices of your smart home. Before buying, it is better to ask the manufacturer how the systems are protected, whether the data lines are encrypted and so on.

Have you ever had to deal with insecure IP cameras or have you unwittingly opened the gates for criminals? Feel free to leave a comment on the topic!

Source website

Johannes Domke

After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.