A strange looking website is letting anyone in the world stream from more than 73,000 IP cameras whose respective owners have not yet changed their default passwords. Whether or not this website is highlighting an important security problem as they are claiming to do, this appears to be a serious breach of privacy.
Insecam has access to more than 73,000 cameras all around the globe which includes more than 11,000 cameras in the United States, 6500 in Republic of Korea and almost 5000 in China. Even though the website states that it is trying to emphasize on an important security issue, it is clearly profiting from advertisements as well.
"Sometimes administrator (possible you too) forgets to change default password like 'admin:admin' or 'admin:12345' on security surveillance system, online camera or DVR. Such online cameras are available for all internet users. Here you can see thousands of such cameras located in a cafes, shops, malls, industrial objects and bedrooms of all countries of the world. To browse cameras just select the country or camera type.
This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera password."
Just a click on the place you want to stream, and you'll easily have access to it, these places do not only include parking lots and stores but also living rooms and bedrooms which means that any person, anywhere in the world, can spy on you just because you forgot (or didn't know) that you had to change your IP camera's default password.
The administrator of the website reportedly contacted Motherboard and reiterated his/her statement that:
"Only [the website] can prove the scale of the problem.This problem was in darkness for many years.
The administrator also wrote that nobody has yet asked to have their camera removed from the site.
"Most people still do not know about the problem."
The process for adding cameras to the site is allegedly "automated," with thousands collected each week.
Despite what the website's alleged motives are, it is still probably doing more harm than good. This website exposes the private lives of people without their permission which is a clear violation of privacy laws, as a US lawyer tells Motherboard, "It is a stunningly clear violation of the Computer Fraud and Abuse Act (CFAA)."
Matthew Green, assistant research professor at the Department of Computer Science at John Hopkins University further emphasized on the gravity of the situation saying that:
"The real problem is that the people who are the victims—the people who are being observed—are not necessarily being notified that this is happening."
Despite the website creator's unclear motives by allowing anyone to stream from CCTVs, Panasonic cameras, Hikvision and AVTech DVRs, the website is still up and running with the identity of the creator currently unknown, the domain is registered with GoDaddy with a IP address linked to Moscow. In privacy breaches like these, we can only advise our privacy-conscious readers to change the default passwords of their IP camera and let others know as well.