As many of you may have seen, the world of CCTV and security was rocked this week by high profile reports of a Russian website, on which was posted thousands of feeds from webcams, CCTV and IP cameras from around the world, including over 500 from the UK. The links claimed to offer anything from views inside retail properties to live feeds from baby monitors. Many manufacturers’ equipment was listed in the feeds, including cameras from such brand names as Foscam, Linksys and Panasonic, with the COO of Foscam promptly branding the hack “a gross violation of people’s privacy.” He went on to suggest that “just because someone leaves their window open it does not give permission for an unauthorized individual to set up a camera outside their window and broadcast the feed worldwide.” But just how new is this threat? And what is the best way to protect your IP camera from hackers?
Well, this is certainly the most public hack of this type we’ve seen, but in truth this is not a new phenomena. As long as people have been using live video feeds from cameras over the internet, troublemakers have been trying to hack in to them, usually as a prank but sometimes with more malicious intent. The anarchic messageboard 4Chan, for example, often has threads where users link to unsecured cameras. In the sadistic example shown below, a hacker uses the victim camera’s talkback feature to play The Police’s “I’ll be watching you”, leading to a rather panicked tech support call-
So is it a risk to use a network enabled CCTV or IP camera? Really no more than using your personal details for other online services such as email or internet banking. However- just like with those services- it is vital you follow a few simple tips to keep your camera feed as secure as possible. The most common way for such cameras to be hacked is simply for users to not change the default admin passwords to access the devices. this means that once a hacker knows the default password for one manufacturer’s equipment, they can access anyone who uses it without changing this. Those who follow the news may also recognise this as exactly the same way PIs working for News International hacked into people’s voicemail messages during investigations, and it really is one of the most common methods to take this kind of information.
Because of this, in the vast majority of cases, securing your IP camera feed really is as simple as changing the device’s default access password to a new, secure one as soon as you set it up. In all situations it’s important to remember the basic rules for creating a secure password:
- Make it at least 8 characters long
- Never use words that are related to your personal details or business name, and ideally don’t use any recognisable words at all
- Never use the same password for multiple accounts, and make sure your passwords are significantly different…that means not just adding “1” at the end of it!
- Always use a mixture of upper and lower case letters, as well as non-alphabetic characters such as numbers and punctuation if allowed
And finally a quick tip- if you have changed the admin password on a network enabled device, make sure you also update it on any additional devices you use to log in to that. For example, if you change your DVR’s password, make sure this is also updated in the app you use to view it on a smartphone, otherwise you won’t be able to log in yourself!