Is your own webcam spying on you?

Is your own webcam spying on you?

If you have not changed the password of your Internet Protocol (IP) camera, beware.

Strangers may be able to view footage from your camera - live.

A website called insecam.com is broadcasting 73,000 live streams from such web cameras around the world.

These include IP cameras from unsuspecting users from the US, China, Taiwan and even as far as Uganda and Iceland.

785 CCTV streams are supposedly from Singapore.

The home page of Insecam's website states: "This site has been designed in order to show the importance of the security settings."

There are also camera advertisements on the website.

The Insecam.com website address is registered in the US with domain name registrar GoDaddy and the website's servers are located in Russia, according to Internet services website IPAddress.com.

Although some of Insecam's footage links are unable to load, the working ones show kitchens, bedrooms and offices.

Footage is believed to be from CCTV and IP cameras. IP cameras work by connecting to a Wi-Fi network. These are popular as the camera footage can be viewed via an Internet-enabled smartphone or computer.

To view the camera recording, a user needs to enter a username and password.

While owners are encouraged to change the camera's default account name and password when they first log in, some people do not change it. By using the default passwords, Insecam is able to log in and gain access to thousands of IP cameras, without the knowledge of the camera owners.

Some popular brands of cameras found on the website include Linksys, Panasonic and Foscam.

A customer service officer from Foscam Singapore said Insecam was probably able to gain access to camera footage easily as their owners did not set a password.

He said: "However, we have newer camera models that prompt users to reset their password after the first log-in."

He added that Insecam is likely to be streaming footage from older models, as they do not have this security feature.

He said: "It is also stated clearly in the user manual that customers should reset their password for security reasons. However, we cannot enforce the practice."

Ms Michelle Fong, 45, an employee at EasyN, a company that specializes in IP camera products, said: "We cannot force customers to change their password. We can only remind them, and warn them of the dangers if they don't."

According to the FAQ page on Insecam, the cameras shown on their site are not hacked.

It said: "Owners of these cameras use (a) default password (for an) unknown reason. There are a lot of ways to search such cameras in (the) Internet using Google, search software or specialised search sites."

REMOVAL

People who see their camera footage on the site and want it removed can send the URL of their camera to Insecam via e-mail, the website said.

Despite that, Insecam cautions that the user's camera will still be available to Internet users that use surveillance camera search software and sites.

It said: "The only solution to make your camera private is to change (the) default password."

Ms Gloria James, a lawyer with Gloria James-Civetta & Co, said what Insecam is doing can be considered a case of hacking.

She said: "Although the users did not change their default privacy settings, requiring a password to view the CCTV footage means that permission is needed from the owners."

This unauthorised usage is also considered an invasion of privacy, she added.

Madam Emi Zng, 37, a nurse, installed five IP cameras at home to monitor her two children while she is at work.

Her husband has changed the password needed to view their camera footage, so she is not worried it will be found on Insecam.

She said: "It's terrible to have such a website. It's a good reminder for IP camera owners to change their passwords."


This article was first published on Nov 11, 2014.
Get The New Paper for more stories.

This website is best viewed using the latest versions of web browsers.