Security Cameras Still Open to Public

Tuesday, March 12, 2013 @ 05:03 PM gHale


By using Google and some simple smarts, it is still possible to gain access to publicly accessible IP camera feeds.

Security researcher Adrian Hayter used the results to create a snapshot of the feeds available – which included cameras targeted at mundane subjects, like parking lots, to ones focused on strip club stages and even on baby’s cots. Hayter manually checked the feeds he discovered to remove any ones pointing at children’s beds or cots – but others may not be so scrupulous.

RELATED STORIES
New Tool Shows Security Strength
Internet Facing Control System Alert
Utilities Under Daily Attack
Security Firm Finds Attack Signs

“The feeds inside people’s houses obviously create privacy issues,” Hayter said. “Work-based cameras could be used in social engineering attacks.”

Hayter has even been able to work out the location of the cameras, using GeoIP data.

This issue first sprung to life when it emerged that IP camera maker Trendnet had sold 22 models of camera between April 2010 and February 2012 that had failed to adequately restrict the access to feed URLs, meaning any snooper could pry using the camera via the Internet.

Trendnet has since addressed the flaw, recalled cameras affected and introduced a firmware update to address the problem.

It said that only around seven percent of the feeds uncovered by Hayter were from its cameras.

Of the potential Trendnet cameras, one company official said a significant portion of them may end up intentionally opened for web viewing.

Hayter said no. “Some of the feeds were meant to be displayed, but certainly not the majority of them.”

“One only has to page through the viewer to see just how many are monitoring living rooms, office workers, workshops, garages, etc,” he said. “I don’t believe for an instant that the people who set up those cameras intended them to be accessible.”

The problem does not just affect Trendnet, many of the feeds were from other camera makers, such as Sony and Panasonic, Hayter said.

But what’s even more worrying is the public accessibility of feeds that allow snoopers to actually control camera functions, such as panning and zooming – in some cases allowing extremely high definition close-ups.



Leave a Reply

You must be logged in to post a comment.