From the Security Experts

January 19, 2011

Unsecured IP Cameras Can Provide Anyone a Voyeuristic View of the World

By SIP Trunking Report Contributor

Unless you live in an extremely rural area, chances are good that you are on camera nearly every day of your life. Surveillance systems have been installed everywhere – your local coffee shop, retail stores, even in your neighbor's driveway.

One of the main reasons for the proliferation of surveillance use is the rapid adoption of IP cameras, which are much less expensive and easier to manage than legacy analog surveillance systems. With the availability of this new technology, nervous shop owners and police chiefs no longer need a central recording system – they can simply stream video onto a network and access it from any place, at any time.

While this transition toward IP-based systems sounds like a positive step for users of surveillance technologies, it is creating some underpublicized security concerns.

Tom Conner, a freelance journalist writing for Ars Technica's Gear and Gadgets page, recently did some research to find out how vulnerable these new surveillance systems are, and the results were staggering.

As Conner found out, anyone with a "five-year-old’s knowledge of the Internet" can quickly access hundreds of unsecured IP cameras from around the world.

To see what he could find, Conner grabbed a list of well-known security camera manufacturers and starting plugging them into Google.

"The secret is in the search itself," he wrote. "Though a standard Google search typically won’t find anything out of the ordinary, pairing advanced search tags (“intitle,” “inurl,” “intext,” and so on) with names of commonly-used cameras or fragments of URLs will provide direct links to watch live video from thousands of IP cameras."

As an example, Conner queried the term "Live View / - AXIS 206M," and found three pages of links that send users to live streaming feeds of totally unsecured surveillance video. Simply by watching the content of some of the feeds, Conner could tell that the majority of them were meant to be private.

Within minutes of jumping on Google, Conner found himself watching live footage from college campuses, balconies in Europe, aquarium tanks and businesses from around the globe. He was able to tap into the security feeds of jewelry stores, retail shops and even three red light cameras in Eastern Texas.

"Once a camera has been accessed in this way, someone with the time and inclination could possibly get into the cameras’ admin settings to move it (if it was a PTZ) or even change the triggering settings to prevent it from capturing images when it was supposed to do so," he wrote.

Apparently, Conner is not the first person to try this trick. Several online communities and forums have popped up recently that offer Google-ready search strings for people who are interested in doing some voyeuristic snooping.

What baffled Conner most of all is the fact that securing these networks and cameras is a rather straight-forward step. A number of businesses, schools and even government agencies simply aren't doing it.

In related news, a U.K. company called Internet Eyes recently launched a new service that allows citizens to watch closed-circuit video of U.K. stores. People who sign up (and pay) for the service receive monthly prizes and rewards for alerting business owners of suspicious activity that is occurring in their stores.

Want to learn more about Session Initiation Protocol? Be sure to attend the SIP Tutorial Conference collocated with TMC’s ITEXPO East, taking place Feb 2-4, 2011, in Miami. The SIP Tutorial, co-sponsored by TMC Partner Crossfire Media, is a full day training program that will focus on SIP technology from SIP messaging, though Server types, Security, Firewall and NAT operation, SIP Trunking, Troubleshooting and SIP in Unified Communications. To register, click here.

Beecher Tuttle is a TMCnet contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.

Edited by Tammy Wolf