NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Peeping into 73, 000 unsecured security cameras thanks to default passwords

Peeping into 73,000 unsecured security cameras thanks to default passwords

(Network World): http://www.networkworld.com/article/2844283/microsoft-subnet/peeping-into-73-000-unsecured-security-cameras-thanks-to-default-passwords.html

    "There were lots of businesses, stores, malls, warehouses and
     parking lots, but I was horrified by the sheer number of baby
     cribs, bedrooms, living rooms and kitchens; all of those were
     within homes where people should be safest, but were awaiting
     some creeper to turn the "security surveillance footage" meant
     for protection into an invasion of privacy ... So many cameras
     are setup to look down into cribs that it was sickening; it
     became like a mission to help people secure them before a baby
     cam "hacker" yelled at the babies ... I'm unwilling to say how
     many calls I made, or else you might think I enjoy banging my
     head against the wall. It was basically how I spent my day
     yesterday. Too many times the location couldn't be determined,
     led to apartments, or the address wasn't listed in a reverse
     phone search. After too many times in a row like that, I'd switch
     to a business as it is much easier to pinpoint and contact ...
     One call was to a military installation. Since the view was of
     beautiful fall foliage, it seemed like a "safe" thing to find out
     if that camera was left with the default password on purpose.
     Searching for a contact number led to a site that was potentially
     under attack and resulted in a "privacy error." Peachy. Then I
     had two things to relay, but no one answered the phone. After
     finding another contact number and discussing both issues at
     length, I was told to call the Pentagon! Holy cow and yikes! ...
     Managers, don't shoot the messenger; a person out to hurt you
     might dig into a Linux box with root, but no exploit or hacking
     is needed to view the surveillance footage of your unsecured
     cameras! It's exceedingly rude to yell or accuse a Good Samaritan
     of "hacking" you.  If your cameras are AVTech and admin is both
     username and password, or Hikvision "secured" with the defaults
     of admin and 12345, then you need to change that. Or don't and
     keep live streaming on a Russian site."

 - - -

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
I am a consultant to Google -- I speak only for myself, not for them.
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
nnsquad mailing list