Remote-access cameras used for keeping an eye on babies (and their nannies) and home security are turning into nightmares for some people, because their unprotected feeds are being streamed on a Russia-based website called Insecam. Over 4,500 U.S.-based streams are now available on the site.
“Sometimes administrator (possible you too) [sic] forgets to set the default password on security surveillance system, online camera or DVR,” the site’s home page explains. “This site now contains access only to cameras without a password and it is fully legal. Such online cameras are available for all internet users.”
On the U.S.-based page, hundreds of cameras show living rooms and bedrooms. Many of the cameras appear to show hospital beds, indicating that they are used to watch the very ill. In Arizona, a day-care center affected by the site had its 16 cameras compromised and streamed online. And while the U.S. was hit hardest, thousands of European feeds were affected as well. As of Thursday morning, the site is streaming more than 2,000 French cameras, 1,500 from the Netherlands, and around 600 each from Italy and the U.K.
But Insecam’s administrators insist that the site is not malicious and simply intends to bring attention to an existing security problem many may not otherwise consider. It affects CCTV, Linksys, and some other types of IP cameras that either don’t have passwords or whose owners haven’t changed them from the default “admin:admin” and “admin:12345.”
“This site has been designed in order to show the importance of the security settings,” the website’s home page reads. “To remove your public camera from this site and make it private the only thing you need to do is to change your camera default password.”
That assurance is just a little harder to believe when it won’t stop streaming the children and infirm.