We Can See You Haven’t Changed Your Webcam Password

Source: The Register

Seriously People, Change The Password Your Kit Ships With!

You would think that, with sites like Insecam.org being relatively well known, people would have learned that changing your webcam’s default password is at least as important as changing your default router password. Unless you are a serious exhibitionist, the chances are that you don’t want people watching you carry out your daily routine via your webcam, but that is exactly what you are allowing if you didn’t take that one simple step. There are enough hard-coded passwords and architectural vulnerabilities in the IoS to worry about, without making it that easy for someone to watch you online.

Insecam is at least nice enough to check streams for private or unethical content before linking to them, and allow people to report any they missed for removal.  They even tell you how to get off of their page; just change the default password on your camera!   Unfortunately not everyone is quite so ethical, which is why it is a blessing we have white hats out there who will disclose successful breaches to webcam companies when they find them.

Case in point is the recent breach of 150,000+ Verkada webcams at a wide variety of hospitals, police stations and even Tesla, for that matter. In this specific case it wasn’t even the user’s fault; Verkada left an admin account username and password available in plain text buried on their site. Armed with that password these hacktivists were able to access all of their cameras. If you are curious, the user was admin and the password was the same one that could be used to unlock some very famous luggage.

It is hard for users to protect themselves from the stupidity of a manufacturer, but changing the password on your new nanny cam or doorbell is a first step.

Those cameras belonged to a whole host of organisations, according to the Bloomberg financial newswire, including: Tesla; Cloudflare; hospitals; police stations; prisons and, allegedly, more.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

2 Comments

  1. razor512

    They wouldn’t have gotten compromised if they used 123456 instead. That 6 makes all of the difference; supercomputers would have spent decades trying to figure that out.

  2. Operandi

    I install these on a professional level and I’m not sure I’ve ever even heard of Verkada, but it looks like they are a relatively new and cloud based (NVR less) solution so that would explain why. Their market share is probably sub 1% and the only reason anyone takes notice of this is cause “cloud”.

    Unsecured passwords aside, cloud based security cameras sound like an awful idea in general and I can’t imagine anything like this would pass in a health care environment.
