Have you checked your webcam lately?
Hackers have created a website to hijack the webcam feeds of more than 73,000 people, including hundreds from Canada — and apparently at least four from Ottawa — and are sharing those video feeds with peeping Toms the world over.
The hackers’ website, believed to be based in Moscow, has collected live feeds from webcams around the world, showing the daily goings on within people’s homes, daycares, businesses and thousands of other locations. The site has 243 webcams that it claims originate in Canada.
One camera, which has geolocation data claiming that it originates in Orléans, shows the inside of someone’s kitchen where a load of groceries appears to have been dumped on the countertop. Another, located in a person’s apartment downtown, showed an orange-clad woman sitting at a table for a good part of the afternoon. A third simply monitors an Ottawan’s front driveway, while the fourth stands guard over somebody’s back door.
Ottawa wasn’t hit as hard as many other cities. One hacked camera in Arizona was tapped into a daycare showing the daily activities and napping routine of a group of toddlers.
The hackers have been able to access the live feeds as a result of lax security practices by the webcam owners.
[caption id="attachment_389919" align="aligncenter" width="640"]
This screen grab is from the website of the Russian hackers.[/caption]
Technology that has the ability to connect to the Internet comes with standard usernames and passwords that are readily available online. It’s up to the individual owner to change the login information when they get their camera, wireless printer, router or other Internet-connected device.
In the case of this site, the webcams are all using default login names and passwords such as “admin” or “1234,” which made the job of snooping on the feeds easy. On the site, the hackers behind say all a person has to do to take their webcam off the site is change the default password on the device. Doing so will block access to the hackers and see the camera pulled from those that are indexed.
Such websites “highlight the importance of password hygiene,” said Mark Nunnikhoven vice-president, Cloud & Emerging Technologies at security firm Trend Micro.
“The default password that any Internet-connected device ships with is trivial to locate. Leaving the default in place allows this type of site to be created through very basic scripts. After a simple web crawl and login attempt you can access these devices remotely and most likely without the owners’ knowledge.”
Nunnikhoven said that last year Trend Micro saw a very similar hack used to gain access to video and audio conference technology at several corporations. He said people need to become accustomed to creating passwords for their devices and changing those passwords regularly to prevent intruders from gaining access to their personal information.
The hack of the cameras comes on the heels of a warning from security researcher Avast Research in the United States. Avast warned computer users on Nov. 4 that after surveying more than 2,000 households across the U.S., more than 50 per cent were either using default logins and passwords that shipped with the router, or had no password protection on them at all. The study also found that a further 25 per cent of network routers were using the person’s address, street name or phone number in order to login.
Canadian statistics were not available, however if this latest incident is any indication, lax passwords and less than ideal security standards are an issue that affect Canadians as well.
“Unsecured routers create an easy entry point for hackers to attack,” said Vince Steckler, chief executive officer at Avast. “Our research revealed that a vast majority of home routers in the U.S. aren’t secure. If a router is not properly secured, cybercriminals can easily gain access to an individuals personal information, including financial information, user names and passwords, photos and browsing history.”