Too many people are leaving their internet-connected webcams wide open to silent perverts, the UK's privacy watchdog has warned.
The ICO has urged everyone to make sure they've changed their passwords on the devices from the factory defaults, which scumbags are exploiting to spy on victims from afar.
The warning follows the creation of a website that allows voyeurs to watch live footage from insecure cameras located around the world. The website, which is based in Russia, accesses the cams using the default login credentials, which are freely available online for thousands of devices.
The site streams live footage ranging from CCTV networks to built-in cameras from baby monitors. The video is largely available because people and businesses alike are failing to change the passwords on the kit from the defaults.
The particular site - insecam.cc - at the centre of the security flap claims it has been set up order to show the importance of the security settings. "To remove your public camera from this site and make it private the only thing you need to do is to change your camera default password," it states.
Insecam claims to offers feeds from IP cameras all over the world. Whether or not it violates any security and privacy laws has been a matter of some debate. Irrespective of that, it seems unlikely that Russian authorities will move to shut down the website any time soon. And even if they do, it might easily pop up in another jurisdiction.
David Emm, principal security researcher at Kaspersky Lab, commented: "The fact that a website is able to stream footage from thousands of cameras, illustrates the risks that consumers are taking by not changing the default passwords on camera enabled devices. It only takes a minute to change a password, and the longer it is left unchanged, the greater the chance that the device will be compromised."
A related threat means that malware on computers can turn PCs into tools for online Peeping Toms. This is a very real threat as evidenced by a number of successful prosecutions. Perverts typically use surreptitiously captured images or footage in attempts to blackmail victims into handing over more explicit images.
"The problem’s not just restricted to IP devices, but to any device that has a connection to the Internet. This includes devices that connect via a home router, such as baby monitors or webcams. It also includes mobile devices too," Emm added.
A blog post by the ICO provides a list of simple steps that guard against internet-connected webcams being hijacked. There are three main steps: change default passwords, check all the available security settings, and secure all of your other devices with an internet connection. ®