Here is an interesting article over at Ars Technica about the prevalence of Internet-accessible cameras that you can find with a simple Google query. Some of them are intended for public consumption, like the aquarium cam he posts a picture from. Some of them are not, like the jewelry store security cam. But all of them are available to anyone who can find the URL in a search engine.
Why is this so?
Well, security cameras used to be a dedicated product with specialized cabling and deployment techniques. But like so many things (voice telephones, printers, POS terminals, etc.), someone had the innovative idea to just put cameras onto an IP network instead. This meant that the cameras no longer needed runs of special analog cabling back to a VCR or monitor – instead, you could just access the video feed with a web browser.
Well, this is an excellent advancement. But moving things into the IP world means that you now have to be familiar with how to secure things in that world. And clearly, many people are not. They don’t think to change default passwords, or close firewall holes, or whitelist allowable addresses. And their cameras show up in this article.
Cameras aren’t the only culprit. Here’s a list of common IP devices; are you sure that they’re all properly secured on your network?
- Vending Machines
- Cash Registers
- Card Swipe Readers
- Handheld Scanners
- Administration Interfaces (like HP’s ILO)
Securing an IP network means securing everything on that network, not just what we traditionally think of as “computers”. Because everything on that network is a potential target and a potential beachhead for an attacker.