While many people install home IP surveillance cameras to feel safe, a creepy new site has surfaced to exploit those who have yet to change the default password. Known as Insecam, the site tracks tens of thousands of IP cams without custom passwords and serves them up so anyone can watch the feed. While the site claims it is simply bringing awareness to those with default passwords, allowing the entire internet to watch someone in their living room without them knowing it probably isn’t the way to do it.
The site has seemingly hacked into 73,000 cameras from all over the world including parking lots and exterior locations as well as inside people’s homes. It seems to be able to tap into a wide range of models from various manufacturers. There are more than 11,000 cameras in the US available for streaming on the site right now. It appears the group has some kind of automated process that adds thousands of IP cameras everyday.
The unknown owners of the site, which is registered with GoDaddy and linked to an address in Moscow, claim it has been “designed in order to show the importance of the security settings.” The group also says in order to remove your camera from the list, “the only thing you need to do is to change your camera password."
Regardless of the potential motives to make such a service available, it certainly does’t seem like a very effective way to do it, and reports suggest it is a clear violation of the Computer Fraud and Abuse Act. It's hard to believe the site, which is littered with ads, is supposed to be anything more than a way to make money, with none of the owners being notified. It is probably a good idea to change your IP cam’s password just in case, and be sure to let your friends and family who may still be using a default option know as well.