Over a year after it emerged businesses and consumers were exposing themselves to being snooped upon when researchers uncovered a flaw in some IP security camera that let internet users access feeds, it appears the lessons have not been learnt.
Security researcher Adrian Hayter told V3 that he was able to access hundreds of publicly accessible IP camera feeds via a simple spot of Googling and a bit of knowledge about what to look for.
He used the results to create a snapshot of the feeds available – which included cameras targeted at mundane subjects, like parking lots, to ones focussed on strip club stages and even on babies cots. Hayter manually checked the feeds he discovered to remove any ones pointing at children's beds or cots – but others may not be so scrupulous.
“The feeds inside people's houses obviously create privacy issues,” to said. “Work-based cameras could be used in social engineering attacks."
“With the feeds featuring children sleeping or getting dressed, you may have the parents unintentionally creating and broadcasting illegal images.”
Hayter has even been able to work out the location of the cameras, using GeoIP data.
This issue first sprung to life when it emerged that IP camera maker Trendnet had sold 22 models of camera between April 2010 and February 2012 that had failed to adequately restrict the access to feed URLs, meaning any snooper could pry using the camera via the internet.
Trendnet has since addressed the flaw, recalled cameras affected and introduced a firmware update to address the problem.
It said that only around seven percent of the feeds uncovered by Hayter were from its cameras.
“Of the potential Trendnet cameras a significant portion of them may be intentionally opened for web viewing,” a company representative told V3.
However, Hayter disagreed with this assessment.
“Some of the feeds were meant to be displayed, but certainly not the majority of them,” he countered.
“One only has to page through the viewer to see just how many are monitoring living rooms, office workers, workshops, garages, etc. I don't believe for an instant that the people who set up those cameras intended them to be accessible.”
The problem does not just affect Trendnet, many of the feeds were from other camera makers, such as Sony and Panasonic, says Hayter.
But what's even more worrying is the public accessibility of feeds that allow snoopers to actually control camera functions, such as panning and zooming – in some cases allowing extremely high definition close-ups.
“The resolution is often so good that you can zoom from several meters away and read things written on post it notes,” says Hayter.
Hayter presented his work at a recent security conference in London. His slides can be seen below.