Are Peeping Toms Watching You Through Your Webcam?
Block the prying eyes of hackers with these expert tips for securing your home webcam
It was a shocking revelation: The views from some 73,000 webcams around the world, including about 11,000 webcams that showed the interiors of American homes, were on display through a Russian website that was open to anyone.
People could watch a baby in a crib, children playing in the living room — many typical household scenes had become unintentional reality TV. There were even live video feeds of daycare centers, offices and stores.
Word of the unfettered access got out by the beginning of 2013. But by the end of 2014, when news of the hackings hit major media outlets, few webcam owners had done anything to secure their feeds.
How were the webcams hacked? It’s simple: People weren’t changing the default passwords. With user names like "Admin" and passwords like "Admin," anyone could log into these cameras.
Because of the way the way Internet Protocol cameras (which include baby monitors) transmit information, robots that crawl the web can discover them. And programmers can try to access them by using the default passwords. (Cameras that are plugged into USB ports are not affected.)
A voyeur eyeballing your home and kids is awful enough, but these spies could use what they see for darker purposes. They may be watching you type passwords on your computer to steal your identity, for example, or documenting actions that you or your employer might find embarrassing to use as blackmail. In theory, a hacker could share videos of you in compromising situations (like being undressed, picking your nose or worse) with your friends and colleagues. Thieves could note your habits to determine the best time to break in — and learn your house’s alarm code by watching you input it.
News of the Russian website served as a wake-up call to some. New York's attorney general issued a detailed warning to consumers in December 2014.
“Using simple software, anyone can identify operational IP cameras whose default security settings have not been changed,” wrote Attorney General Eric T. Schneiderman in the press release. “From there, a hacker could gain access to the camera’s settings using the default login credentials and not only view the camera’s live feed, but also identify the geographical coordinates of the camera. The hacker can also pan, tilt and zoom the camera to view different parts of the user’s home or business, and change the device’s settings so that the camera’s owner is no longer able to control it.”
Schneiderman also noted, "As we increasingly rely on web-based services, we must all take additional steps to inform ourselves of any dangers and protect our privacy. By following some simple steps and taking basic precautions, consumers can keep their webcam feed out of the reach of hackers and improve their security."
Internet security experts recommend you take the following steps if you have a webcam connected to your network:
- Immediately change the user name and password to a unique combination. You can find tips on creating secure passwords here.
- If your camera can use data encryption, make sure that feature is turned on.
- Install an updated anti-virus and anti-spyware program, and use a firewall.
- If you access your camera feed through a mobile app, don't connect to it over an unsecured public WiFi network. (Similarly, you’ll want to use care when using your phone or tablet over a public WiFi network. Learn how to secure those devices here.)
- Update the software for your devices to ensure they have the latest security changes.
- Don't trust technology? Put a piece of masking tape or even a Post-it note over the camera when you're not using it.