Blog

Researchers Investigated Internet-Connected Surveillance Cameras, What They Found is Unbelievable

b2ap3_thumbnail_internet_of_things_presents_risk_400.jpgThere’s a reason why IT professionals think that the Internet of things is a major security discrepancy. Around 5.5 million new devices are being connected to the Internet every day, and are giving security experts a run for their money. The Internet of Things and its devices could potentially become a security hazard for businesses that aren’t prepared to protect their assets from hacks.

It’s not unheard of for users of Internet of Things devices to forget to secure them, especially in the case of security cameras. If this happens, an unsecured security camera that’s connected to the Internet can be used for some nefarious things. Lisa Vaas of Naked Security reported on a study saying that these IoT devices have plenty of security holes. Her report, “DVR snaps stills from CCTV surveillance and sends them to China,” goes into detail about findings from researchers at UK-based Pen Test Partners.

The study analyzed data from Shodan, the search engine dedicated to Internet-connected devices like buildings, smart appliances, webcams, and so much more. These researchers chose to focus on Internet-connected surveillance cameras.

Just a quick note: we want everyone who uses web-connected security cameras to know that even an average PC user can create a Shodan account and use it to search for, access, view, and control unsecured cameras. We weren’t sure how well this works, but it definitely does. Take a moment to view these stills from random surveillance cameras that we came across on Shodan:

ib spy1

ib spy2

ib spy3

ib spy4

These are just a couple of random shots that we came across. There might not be much going on here, but one thing we do know, monitoring strangers in their homes is certainly unethical. These cameras are just random ones that we stumbled upon. However, Shodan has been criticized for giving its users easy access to cameras that are sensitive in nature. Vocativ cites findings by Ars Technica:

These webcams show feeds from sensitive locations like schools, banks, marijuana plantations, labs and babies’ rooms. Shodan members who pay the $49 monthly fee can search the full feed at images.shodan.io. A Vocativ search of some of the most recently added images shows offices, school, porches and the interior of people’s homes. Accompanying each of these grabs is a pinned map that shows the location of the device capturing that footage.

If you’re still not sold on how creepy and intrusive this whole concept is, let’s go back and take a closer look at the first study we mentioned by Pen Test Partners. Vass reports:

The device also has no Cross-Site Request Forgery (CSRF) protection, so attackers can trick users into clicking on links to carry out malicious actions; it has no lock-out, so attackers can guess as many passwords as they like; it sends communications without HTTPS that can be intercepted and tampered with; and there’s no firmware updates, so “you’re stuck with these issues,” Pen Test Partners said. But weirdest of all, the thing is capturing still images from video feeds and emailing them to an address that appears to be hosted in China.

Why exactly are surveillance images being sent to China? This is a question that Pen Test Partners was never able to answer. Rather than speculate on what’s going on here, we’re going to take the objective road and attempt to address the real problem: the fact that surveillance cameras are unsecured in the first place.

If your organization needs assistance with securing your Internet-connected devices, White Mountain IT Services can help. We can help you understand how Internet of Things devices work, and what you can do to ensure that maximum security for your network. To learn more, give us a call at 603-889-0800.

Related Articles

  • Tech Term: What are Proxy Servers? While proxy server is a tech term that is frequently cited, it is not understood by a vast majority of people. Today we will describe what a proxy server is, and why organizations like yours use them. What is a Proxy Server? Simply put, a proxy server is a computer that acts as an intermediary be...
  • Tip of the Week: Awareness is Key to Mobile Device Security With more and more businesses relying on mobile devices for their business they have to be sure that the use of these devices doesn’t present security issues for the company. With all that is happening in business computing today, finding out how you can protect yourself in lieu of the prevalence sm...
  • Tip of the Week: 3 Ways to a Faster Boot Time Your time is valuable, so you don’t have time to waste on waiting for your Windows operating system to boot up. In the interest of saving time, today’s tip will go over three ways to speed up your Windows 10 boot time. Of course, you should always check with IT to make sure it is okay before you ...
  • Would You Fall for this Adult Scam if You Saw an Old Passwor... As you may expect, the average Internet scammer isn’t above resorting to dirty tricks to claim their ill-gotten prize from their victims. A recent scam demonstrates just how dirty these tricks can truly be, and unfortunately, how ill-prepared many are to handle them. To preface this scam, we need...
  • Three Reasons VoIP is a Great Choice for Businesses If you’re trying to run your business without considering communication, you’re crippling your business unnecessarily. One of the ways that you can improve communications is by capitalizing on a modern phone system that uses the cloud. You might be surprised by how great a cloud-hosted VoIP solution...
  • 4 Internal Threats Every Business Owner Should Understand In light of all the data leaks and vulnerabilities that have been brought to light over the past few years, network security has to be a priority for every business. One problem many organizations have is that while they are protecting their network and infrastructure from threats outside their comp...
With the surge in the number of small and medium businesses that have fallen prey to malware and cyber criminals, there is a lot of focus of what an organization can do to prevent being a victim and how the company should handle themselves after an attack. There is another key factor to preventing cyber criminals from penetrating into your network:...

- Onsite Service Coverage Area -

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH and then down into Boston. From Northern and Central Mass we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

603-889-0800

White Mountain IT Services
33 Main Street Suite 302
Nashua, New Hampshire 03064

 

 padlock1  Cyber Security Toolkit

cloud desktop2 Cloud Desktop Login

Open Positions