[ISN] Google exposes web surveillance cams

InfoSec News isn at c4i.org
Tue Jan 11 01:45:01 EST 2005


By Kevin Poulsen, 
8th January 2005 

Blogs and message forums buzzed this week with the discovery that a
pair of simple Google searches permits access to well over 1,000
unprotected surveillance cameras around the world - apparently without
their owners' knowledge.

Searching on certain strings within a URL sniffs out networked cameras
that have Web interfaces permitting their owners to view them
remotely, and even direct the cameras' motorized pan-and-tilt
mechanisms from the comfort of their own desktop.

Video surfers are using this knowledge to peek in on office and
restaurant interiors, a Japanese barnyard, women doing laundry, the
interior of an Internet collocation facility, and a cage full of
rodents, among other things, in locales scattered around the world.

News of the panoptical search queries apparently began on a community
web forum, then spread to the widely-read BoingBoing weblog Wednesday
and Thursday.

In the past, geeks wanting to peek in on surveillance cams have driven
around with receivers and special antenna rigs to pick up signals from
wireless cameras.

One of the Google search strings circulating summons a list of nearly
1,000 installed network cameras made by Swedish-based Axis
Communications, the other turns up about 500 cameras sold by
Panasonic. Neither company could be reached after hours Friday.

According to their websites, both companies offer the ability to
password-protect the Web interfaces to their cameras, and Axis has a
feature that blocks access to webcams from all but approved Internet
IP addresses. t's not apparent whether the security features are
enabled by default. A FAQ on Panasonic's website includes a warning
that their network cameras may not be right for "sensitive
applications," and sports a broad disclaimer: "No specific claims are
made pertaining to specific levels of security the camera offers."

More information about the ISN mailing list