The prevalence of IP-enabled cameras on digital devices, such as web cams on laptops, modern baby-monitors and home security kits are handing easy access to bored computer-savvy teenagers, internet perverts and criminals as users fail to change the default passwords.
Former Liberal electoral candidate and BBC man Christopher Graham, now the nation’s ‘privacy Tsar’ has made the warning about long-known weaknesses in domestic security equipment amid a national debate on government interference in the internet.
The new director of Britain’s communications spying organisation, GCHQ made this month an impassioned plea for internet companies like Facebook and Twitter to submit to greater government scrutiny, what he called “cooperation”. Director Hannigan said in an article for the Financial Times: “we need a new deal between democratic governments and the technology companies in the area of protecting our citizens”.
Information Commissioner Graham used a Russian website as an example of the weakness, which provides a directory of thousands of unsecured internet cameras, including hundreds of modern security cameras and baby monitors installed in the United Kingdom.
These live feeds of peoples homes and offices are available freely on the website because the camera owners have failed to change the default settings on the equipment. Although manufacturer instructions almost always advise the passwords be changed upon set up, many do not, leaving their home vulnerable to anyone with access to a list of common defaults, which can be as simple as the word ‘password’, or the model number.
Although the website and the information contained therein could be used to spy on the ordinary public who in taking steps to protect their homes have actually invited the internet in, the web-master insisted his motives were purely altruistic. Speaking to Sky News, the purported administrator said by making the data freely available he was hoping to bring the problem of unsecured digital devices to the mass media, which would in turn encourage users to be more careful with what they set up in their homes.
The unnamed administrator said: “All these cameras were viewed by a lot of users and (the) camera’s owners have no chance to know about it for many years… Only mass media can help users to understand the importance to set a password”. He added that he wouldn’t take down the site until people had got the message and placed proper passwords on their cameras.
If his word is to be taken at face-value, the website appears to be having the desired affect. Since the website was reported in October the number of British web-cams accessible on the directory dropped from 1,764 to 584 as alarmed owners switch off or reconfigure. Regardless, Commissioner Graham has insisted that were it hosted in the UK the website would have been illegal, and the Government would be appealing to the Russians to shut it down.
While no internet-enabled camera is theoretically impervious to a hacking attack, at least changing the default passwords will prevent casual voyeurism of the sort allowed by public websites. A spokesman for the Information Commissioner’s Office helpfully opined: “As a last resort, you can always cover the lens if you don’t want to use the camera all of the time”.