Researcher discovers 15,000 private webcams that can be possibly exploited
- Wizcase, a firm that evaluates cybersecurity products, has uncovered 15,000 potentially accessible webcams, with many of them located inside people’s homes.
- These webcams are vulnerable to access and manipulation by hackers.
This was discovered by Avishai Efrat, a white hat hacktivist at Wizcase. These webcams include those belonging to various manufacturers including AXIS net cameras, Cisco Linksys webcam, and Mobotix among others.
These web cameras can be accessed by anyone in any part of the world, with just an internet connection. The settings and user privileges were found to be accessible in many of them.
- The vulnerable devices are located in many countries across the globe such as Australia, USA, Russia, UK, Italy, France, and Japan to name a few.
- Data belonging to individuals, institutions, families, places of worship and more are prone to be compromised by cybercriminals.
- Some of the camera feeds were seen to include the interior of shops, people talking, and even children peeking at the camera.
How did this happen?
“Web cameras manufacturers strive to use technologies which make the device installation as seamless as possible but this sometimes results in open ports with no authentication mechanism set up,” says the Wizcase blog.
It was observed that many devices weren’t secured by firewalls or VPNs, and no additional security measures were taken after installation.
It is essential that the webcams must be changed from default to more secure settings by the user. Wizcam also urges manufacturers to ensure stronger settings in the webcams they sell.
If in the wrong hands, access to such data is dangerous. The potential impacts are something to be aware of.
- The public availability of citizens' personal data is a major concern. Access to live feed of homes, including those of children being home alone, can result in an increased number of crimes.
- Competitors can access feeds to steal intellectual property.
- The web camera settings can be manipulated at any time.
- Feeds can be modified to erase traces of criminal entries or to manipulate it the way attackers want to.