I have three webcams in my home that let me monitor what’s going on with our pets as well as watch for deliveries. And I’m glad that none of them use the default administrator password.
Why? Because those passwords are pretty common. If you know what they are and can scan the internet for webcams, you can actually view images from cameras that aren’t yours. That’s exactly what’s going on at Insecam.com where more than 73,000 webcams around the word are being broadcast live.
According to Neowin where I first read about this debacle, the site is allegedly trying to highlight the security hole on these devices, more than 11,000 of them being in the U.S. And it claims it will remove anyone’s webcam from the page, although the easier thing to do is simply change the admin password if you’re still using it. In fact, it’s one of the first actions I take when setting up a webcam on my own network.
Adding input devices such as webcams or microphones — the new Amazon Echo device is a superb example of this — to the home can be a super helpful thing. I’ve been able to remotely open my garage door when a delivery truck arrives, for example, because I can see that the truck is at my home. That’s far better than missing a delivery. And I’ll admit, I get a kick out of watching the Abbey Road crossing cam daily, but that’s meant for public consumption.
When setting up these types of devices in privately owned areas, you have to be smart: Make sure you and only you have control over them. Better yet, it would be nice if these device makers would programmatically force you to change the admin password upon setup. Then maybe, we wouldn’t have a glimpse into 73,000 places that we shouldn’t.