A few nights ago, I was enjoying a Discord call with my buddies. My Singaporean friend shared how he used to work at a daycare that gave him access to their security camera feed. Years after leaving that job, the daycare never changed the login, and he still was able to see what was happening there. If you think that's scary, just wait.
I, in turn, told him about how when I was a kid, I had found a website that listed thousands of unsecured cameras all around the world. You could see zoo exhibits, shopping malls, HVAC ducts, and even the front porches of people's homes through the lenses of these cams.
Unsecured in this case meant "secured" by default usernames and passwords. Which unsurprisingly, are not that hard to find on the internet. These cameras were also categorized by manufacturer, so all you had to do was Google the default logins for that specific manufacturer's camera and you were in. Those login prompts became less of a barrier and more of a challenge.
Back then, I was testing usernames and passwords manually - basic combos like "admin" and "123456". There are brute forcing tools out there that can test login credentials much faster. Once you were in, you could switch camera feeds, rotate the cameras in any direction, and even adjust zoom settings. Sure, it was cool watching traffic in Amsterdam or nested storks in Hanoi, but slowly the implications of what I was doing unnerved me.
Today, the United States remains the No. 1 country for unsecured cameras. What many do not realize, either out of ignorance or apathy, is that everyone is connected over the internet. Since everyone is connected, access to your IP cameras is available to all internet users if you leave them insecure.
Don't believe me? See for yourself. Sites like this exist all over the internet. Even Python tools on GitHub, such as Cam Hackers, index insecure CCTV cameras from all around the globe using Shodan. It's crazy how many vulnerable cameras are out there - just read this article to find out!
Security cameras are supposed to offer peace of mind, not a window for anonymous voyeurs to peek into your private life. It's one thing if a parking lot camera isn't locked down, it's another if a camera above your baby's crib isn't.
What's the easiest way to protect yourself from digital peeping Toms? Change your default usernames and passwords (and make them hard to guess). Many focus on securing their home safe physically, but few consider securing their home digitally. Nobody likes to be spied on, and in the modern age, that doesn't just mean with binoculars.
Stay safe out there!
Did you find this article valuable?
Support Jacob Marabelli by becoming a sponsor. Any amount is appreciated!