This is disturbing news for anyone who has a web-connected baby monitor. Ars Technica brings us word of a search engine called Shodan whose main purpose is to give you access to live web camera streams. Among other things, the search engine reveals live feeds for “marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores.”
How is this possible? Ars says that many webcams being used today are compromised “because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place.” The Shodan search engine is constantly crawling the web looking for open ports that aren’t password protected. When it finds one, it snaps a picture of what it sees through the camera and posts it online where registered Shodan members can see it.
Security researcher Dan Tentler tells Ars Technica that camera manufacturers are in a “race to the bottom” at the moment when it comes to undercutting each other’s prices and that end user security is just a secondary consideration. This means that they’re not investing any money into adding stronger security features to their devices even though end users are often clueless about best cybersecurity practices.
The full Ars article, which also contains suggestions for how to properly rate IoT devices by how secure they are, is well worth reading and can be found here.