It's now possible to view vulnerable baby monitors on browser dedicated to searching for IoT devices


Posts: 6,786   +61
Staff member

In 2009, programmer John Matherly launched Shodan, a search engine that lets users search for devices that are connected to the internet. The program, which is named after the AI antagonist from the System Shock games, has previously made headlines for its ability to access dangerous, internet-connected systems such as traffic lights. Now, the browser is back under the spotlight after it recently launched a new section that let users browse vulnerable webcams.

According to a report from Ars Technica, security researcher Dan Tentler discovered that the feed included images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores.

"It's all over the place," he told Ars Technica UK. "Practically everything you can think of."

Shodan trawls the internet looking for any IP addresses with open ports. If it finds any that lack authentication and stream video, the new script will take a picture of the feed before moving on. The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place.

One of the biggest fears with this vulnerability is that users could find images of sleeping children, as many parents now use smart baby monitors. The feed is available to paid Shodan members, but free accounts can also search using a specific filter.

The IoT market is continuing to expand. It’s estimated that by 2020, more than 34 billion internet-connected devices will be installed globally – more than four devices for every human on earth. Despite the rising popularity, the state of IoT security appears to be getting worse, not better. This is partly due to manufacturers implementing poor security and privacy features into their products to increase profit margins, and partly because of consumers not understanding the dangers of a vulnerable IoT device.

"The consumers are saying 'we're not supposed to know anything about this stuff [cybersecurity]," Tentler said. "The vendors don't want to lift a finger to help users because it costs them money."

Image credit: Piotr Adamowicz / Shutterstock

Permalink to story.


Uncle Al

Posts: 8,014   +6,783
Federal and International laws to protect against this and punish the intruders is long over due. Until we make it more costly to get caught hacking than to behave, it will persist. I am waiting for the day that China has mass executions for such crimes, but don't wait for it here. We won't even use capital punishment against those that will murder senior citizens by stealing all their life savings, force them out of their homes and under your neighborhood bridge. Just imagine if the money put into the Iraq war had been spent on defeating these people .... just imagine .


Posts: 1,199   +743
Is this hacking though? I think it's just trawling, looking for unprotected connections. One main point of this is to highlight how many webcams have no password protection, or where users do not change the default password. These connections do not need to be hacked.
The article mentions the general lack of security on the IoT market. That has long been my concern of the rapidly growing cloud market: Cloud != Security. Why would you put your information (such as a live feed of your sleeping children) out there without first checking who can view it? Are the general public really that thick? Or have we all become complacent? "Who would possibly want to target little old me?"