One morning, a mother in Houston, Texas, woke up to an alarming text from a friend. Was this a picture of her daughter’s room? The friend wanted to know. The picture had surfaced on Facebook, but the disturbing part was that it was actually a still from a live feed of her daughter’s room. The feed came from a free app called Live Camera Viewer, and the picture only reached the mother because another woman had accidentally stumbled upon it while searching for live satellite images of possible vacation destinations.
The Houston mother had installed an IP camera in her daughter’s room to keep a watchful eye on her, and the terrifying irony was that the same camera ended up serving as eyes for an unknown number of intruders into their private lives. Somewhere, someone was watching her daughter play, sleep, and get dressed.
The breach was stunningly simple. All it took was for her daughter to unwittingly enter an unprotected Minecraft server, where she became an easy target for malicious actors.
IP cameras are especially vulnerable because they use generic IP addresses and public websites, where there is only a username and password guarding control of and access to the camera. More disturbingly, Symantec’s Security Response team recently found that the most common passwords malware used to attempt to log into IoT devices – which includes IP cameras – were a combination of “root” and “admin.” These are the default passwords, and they are frequently never changed, leaving the cameras wide open to attack and the inside of users’ homes vulnerable to outside spying.
Unfortunately, you could change your password and still be vulnerable. Back in 2012, a bug in Trendnet’s firmware allowed practically anyone to access feeds from the company’s cameras. The firmware contained code that could be appended to the camera’s IP address, creating a URL to the feed that bypassed password authentication entirely.
1. Change your default username and password
The first thing to do with a new IP camera (or even an old one) is to change your default username and password immediately.
2. Keep your camera’s firmware updated with the latest security patches
How easy it is to update your camera’s firmware depends on its manufacturer. You might need to visit its official website and check for security updates to manually download and install.
3. Don’t connect the camera to an unsecured wireless network
It won’t do any good to secure your IP camera if your Wi-Fi network is not secure. Change your router’s default username and password as well.
4. Just don’t put the camera in an area where you don’t want to be seen
Finally, you can do everything to secure your IP camera and still fall prey to zero-day vulnerabilities. The best way to stay safe is still not to point it where you don’t want to be seen.