The internet has millions of eyes and if you’ve got an unsecured web cam – one of those eyes is looking at you and your stuff.
And what’s worse is criminals can also be watching you.
People originally installed those cameras intending to make themselves more secure.
But unless you take the right precautions, your attempts at security are making you more vulnerable to security breaches.
CBS 17 consumer investigator Steve Sbraccia found out there are thousands of unsecured cameras on the web that prying eyes can and do look at daily.
Here’s just one example:
Sbraccia found a security camera overlooking RDU International Airport and watched it in real time on his tablet through a website that allows access to unsecured web cams.
And it’s not the only cam out there.
Your home. Your front porch. A classroom.
And thousands of other places are available at the click of a mouse.
Open access to personal web cams is a dirty little secret on the web.
“We first started hearing about this a decade ago when web cams started coming online for people to have at home,’’ says Rob Downs, the CEO of Managed IT Solutions in Raleigh.
And there are lots of websites like Insecam that offer you a peek into what’s estimated to be 73,000 unsecured web cams world-wide.
What they offer isn’t hacked and isn’t illegal.
It’s just unsecured – meaning anyone can see it including criminals.
“People scan the internet all the time looking for holes in people security and they find these cameras,” said Downs.
So how does this unwanted access happen?
Sbraccia learned because most people just unwrap and use.
Security expert Craig Petronella of Petronella Technology Group said you shouldn’t just take a camera out of the box and use it with it’s factory settings intact.
“You have to configure it,’’ he said. “It has a default user name and password and after you get it all set up, you want to change the password to something complex and secure otherwise some can go in through the internet and get into that camera.”
Petronella estimates up to 80 percent of people don’t bother changing the default settings on their home cameras.
If you change the name and password of the device, you’ll see it actually go black on websites likes Insecam.
“It will completely come off the website,” Petronella said.
If left unsecured, anyone can even move and zoom your camera remotely and who knows what they’ll see.
But worse than that is your internet address is accessible to criminals.
Petronella says the bad guys figure out through an IP address where that camera is located.
“They’ll use meta-data and GPS to piece things together,” he said.
So, while you think surveillance video of your front doorstep is generic, the criminals can figure out where your front door is.
There is hope on the security horizon.
Newer cameras work a different way.
“A ‘nest camera’ or ‘ring camera,’ they go to a central server and all the data that passes between the device and server is encrypted,” said Downs. “Those cameras won’t be hacked.”
But there’s still a decade’s worth of vulnerable cameras out there available to any prying eyes.
Web cams are part of what’s called the internet of things – like smart appliance and thermostats.
Want to know what else you own is accessible to the public?
There’s a website called Shodan which allows you to monitor the internet of things to discover which of your appliances, cameras, and other devices are connected to the Internet, where they are located and who is using them.
The website is very powerful and has various degrees of sophistication allowing everyone from laymen to computer professionals to find what they need on the “internet of things.”
Shodan has an online help page which explains all that it can do and how you can do it.