Press Release by WPIX11
Private webcams not so private after all
Security expert warns private webcam hacking another reminder to take cyber security seriously
News that a company had hacked into thousands of supposedly private webcams around the world came as no great surprise to Raj Goel, an Internet and cyber security expert.
A Russian hacker group is posting links to webcams live online where anyone can see what the cam feed is showing. No more hacking is necessary. It’s click and watch, Mr. Goel said.
“What they did was simple. They looked for web cams that either had no security or minimal security. Then, they posted a link to the feed on Insecam. Anyone in the world with web access can see what’s going on,” he said.
Goel was interviewed by New York television station PIX 11, http://pix11.com/2014/11/11/hackers-set-up-live-streaming-website-for-over-100-nyc-private-webcams/. He showed the audience what some of the cams show, including the bedroom of small children who were sleeping.
Beating the hackers takes a little time and ingenuity, he said. The first step is to make sure the feed is as secure as possible over the monitoring lines. That’s as easy as changing default connections in the camera system and setting up protocols to allow access only from certain locations.
“I understand that some people do need to have real-time remote monitoring of their camera system. Talk to the people who install and maintain the system and ask them to set up security protocols to access the system,” he said. “This includes strong passwords and even double verification. Having to go through a multi-step verification to see what the cameras see may be annoying, but i’s better than letting the world see what should be private.”
If remote monitoring is not needed, Mr. Goel suggests setting up a closed-circuit camera system. With no way to access it from it the outside, it cannot be hacked.
The hacked cameras are focused on businesses and in homes, including private places like bedrooms. Whatever the cameras see goes out live to the rest of the world.
“Too many people believe if they install a webcam system, that’s all they need to do. They use the cameras for security, never realizing they are actually increasing their risk tremendously,” Mr. Goel said.
By watching the webcam feed, property criminals can learn when people are present and when they are gone. They can plan a burglary around those times. Mr. Goel said the webcams are also useless because they have been compromised.
“Once a hacker gets access to the system, they can turn off the camera, possibly erase the footage and if the camera’s aim can be remotely controlled, it can be turned to the ceiling to avoid getting images of the thieves,” he said.
Beyond that, the hackers can also watch what goes on. The idea that bedroom activities may be viewed is disturbing to some, but it gets worse.
“They can watch you at the computer. They can see your keystrokes and know exactly what your passwords are or make very educated guesses about your passwords. If they see you access a site and can’t make out exactly what you type, they can count the keystrokes. Knowing how many characters your password has and the approximate location on the keyboard is a massive help to cyber criminals, he said.
For more information about cyber security and the threat of unprotected webcams, visit Mr. Goel online at http://brainlink.wpengine.com.