TECH

Webcam Hackers Could Be Watching You Online, Watchdog Warns

20/11/2014 07:45 GMT | Updated 20/11/2014 08:59 GMT

The public has been warned about a website containing thousands of live feeds to UK baby monitors, webcams and CCTV systems.

People can easily be watched in their own homes or at work by hackers if they do not secure their equipment with passwords, and install security software, the UK's privacy watchdog has warned.

The Information Commissioner's Office (ICO) urged people to upgrade their passwords after a Russian-based website was found to be accessing cameras from an office in Warwickshire to a child's bedroom in Birmingham.

The website is thought to feature live feeds from homes and businesses across the UK, other locations include a gym in Manchester, a shop interior in London and an office in Leicester.

Russia hacks UK webcams

Camera owners are now being urged to check their equipment and set hard-to-guess passwords containing a mixture of lower and upper case letters, numbers and other characters.

With an estimated 350,000 such cameras sold in the country last year, the ICO warned that those without password protection or with weak passwords could be vulnerable to hackers.

Information Commissioner Christopher Graham told the BBC there were 600 UK feeds and there were international efforts to tackle the site.

webcam

"It's spooky," he said. "They scan the internet and track down feeds. There are 600 in the UK and that is nothing - there are 5,000 in the States. We were alerted to it by our colleagues in Australia and Canada. It's all over the place."

He added had the website been based in the UK it would be illegal, breaching the Data Protection Act, but said the issue needed a "global response".

How To Protect Yourself: By Tech Editor Michael Rundle

Do you have a webcam that you're not sure is secure? Then you have two options.

First is follow this series of advice from security firm Kaspersky Labs:

Start by securing the device that provides access to the Internet – your router. Change the default administrator password. Ensure that it’s using WPA2 encryption. Switch off SSID, so that the name of your router isn’t broadcast to anyone within range. Change the default password for any other devices you use – baby monitors, webcams, printers, etc. Ensure your mobile devices are fully protected with security software (Android, mainly).

Now, be aware of rogue apps. In particular, check the permissions that an app asks for when you’re installing it. Be aware that mobile devices are easily misplaced and lost. By using a secure password or initiating a finger-scanning application on your mobile device, it makes it far more difficult for a hacker to gain access to the device. Only connect to secure WiFi hotspots. When you’re browsing the internet in a coffee shop, you may be connected to a hacked network, allowing hackers to sniff your web traffic and get into your device.

The second is to do this:

tape webcam

Simon Rice, ICO group manager for technology, said: "The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras.

"The footage is being collected from security cameras used by businesses and members of the public, ranging from CCTV networks used to keep large premises secure, down to built-in cameras on baby monitors.

"This is a threat that all of us need to be aware of and be taking action to protect against."

Many people use webcams to monitor their homes remotely while they are away, viewing the footage over the internet.

youtube

But Rice warned: "The ability to access footage remotely is both an internet cameras biggest selling point and, if not set up correctly, potentially its biggest security weakness. Remember, if you can access your video footage over the internet, then what is stopping someone else from doing the same?

"You may think that having to type in an obscure web address to access the footage provides some level of protection. However, this will not protect you from the remote software that hackers often use to scan the internet for vulnerable devices. In some cases, insecure cameras can be identified using nothing more than an internet search engine.

"As a last resort, you can always cover the lens if you don't want to use the camera all of the time."

webcam

Emma Carr, director of Big Brother Watch, said "few people would leave their front doors unlocked, failing to password protect your devices carries the same risks to both their privacy and security.

"As the capability of these devices becomes increasingly sophisticated, it is inevitable that users will inadvertently expose themselves and their lives to hackers. This warning from the ICO should come as a timely wake up call that the public need to start educating themselves about the technology they are bringing into their homes and how to keep it secure."

The latest disclosures come after the UK spy agency GCHQ was also accused of harvesting webcam images - including sexually explicit material - of millions of internet users.

In shocking files leaked by US whistleblower Edward Snowden, the Guardian newspaper claimed a surveillance programme operated by GCHQ, with aid from America's National Security Agency (NSA), collected still images of Yahoo webcam chats.

Between 3% and 11% of the Yahoo webcam imagery stored by the Cheltenham-based listening post contain "undesirable nudity", the previously top-secret documents reveal.

Internet giant Yahoo reacted furiously to the claims, branding them a "whole new level of violation".

Reacting to the latest disclosures, MPs have said the invasion into privacy was "frankly, creepy."