All the latest UK technology news, reviews and analysis


Security cameras continue to pose snooping risk

06 Mar 2013
cctv22

Over a year after it emerged businesses and consumers were exposing themselves to being snooped upon when researchers uncovered a flaw in some IP security camera that let internet users access feeds, it appears the lessons have not been learnt.

Security researcher Adrian Hayter told V3 that he was able to access hundreds of publicly accessible IP camera feeds via a simple spot of Googling and a bit of knowledge about what to look for.

He used the results to create a snapshot of the feeds available – which included cameras targeted at mundane subjects, like parking lots, to ones focussed on strip club stages and even on babies cots. Hayter manually checked the feeds he discovered to remove any ones pointing at children's beds or cots – but others may not be so scrupulous.

“The feeds inside people's houses obviously create privacy issues,” to said. “Work-based cameras could be used in social engineering attacks."

“With the feeds featuring children sleeping or getting dressed, you may have the parents unintentionally creating and broadcasting illegal images.”

Hayter has even been able to work out the location of the cameras, using GeoIP data.

This issue first sprung to life when it emerged that IP camera maker Trendnet had sold 22 models of camera between April 2010 and February 2012 that had failed to adequately restrict the access to feed URLs, meaning any snooper could pry using the camera via the internet.

Trendnet has since addressed the flaw, recalled cameras affected and introduced a firmware update to address the problem.

It said that only around seven percent of the feeds uncovered by Hayter were from its cameras.

“Of the potential Trendnet cameras a significant portion of them may be intentionally opened for web viewing,” a company representative told V3.

However, Hayter disagreed with this assessment.

“Some of the feeds were meant to be displayed, but certainly not the majority of them,” he countered.

“One only has to page through the viewer to see just how many are monitoring living rooms, office workers, workshops, garages, etc. I don't believe for an instant that the people who set up those cameras intended them to be accessible.”

The problem does not just affect Trendnet, many of the feeds were from other camera makers, such as Sony and Panasonic, says Hayter.

But what's even more worrying is the public accessibility of feeds that allow snoopers to actually control camera functions, such as panning and zooming – in some cases allowing extremely high definition close-ups.

“The resolution is often so good that you can zoom from several meters away and read things written on post it notes,” says Hayter.

Hayter presented his work at a recent security conference in London. His slides can be seen below.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
More on Security
What do you think?
blog comments powered by Disqus
Poll

Microsoft Azure outage

Is cloud computing reliable enough for business yet?
17%
8%
17%
58%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Solution analyst - Birmingham

Solution analyst - systems analysis / business analysis...

ERP Systems Lead

An excellent senior career opportunity for the right...

PHP Developer - CodeIgniter

PF&S Ltd. are market leaders in reclaiming tax back...

Junior Technical Support Analyst

About us: Payment Express is a high-growth, innovative...
To send to more than one email address, simply separate each address with a comma.