Wireless baby-monitors have since 2008 been compromised by hackers, but as they gain popularity, they become more vulnerable, and the attacks get terrible every day. Shodan is an Internet of Things search engine that scans the public Internet for the devices communicating on ports as well as other protocols that are universally used by its devices. If you feed it with exact parameters (Real Time Streaming Protocol – RTSP, port 554), you will find immeasurable publicly shared webcams, that range from CCTVs which watch over marijuana grow-ops as well as many other baby-monitors.
The feed comprises of marijuana plantation images, images of bank back rooms, kitchens, garages, living rooms, back and front gardens, swimming pools, ski slopes, laboratories, schools and colleges and also register cash cameras inside retail stores. DAN TENTLER, a security researcher with many years’ of experience exploring webcam security told Ars Technica UK that practically everything you can think of is all over the place.
The cameras are termed as vulnerable because they use RTSP, port 554 to share videos though they have no dedicated password authentication. Shodan crawls the internet randomly while searching for IP addresses that have open ports. In case any free port has no authentication and also streams a video feed, and then the new scrip takes a snap then goes on.
Though privacy implications are apparent here, the new image feed of Shodan outlines the wretched IoT security state and raises queries about what needs to be done to fix the problems.
Insecure webcams aren’t a new thing at all. FTC sanctioned TRENDnet, a webcam manufacturer for exposing the private lives of some consumers for public viewing over the internet. According to Tentler, millions of such like insecure webcams are connected and can easily be discovered with Shodan. The number will only keep on growing.
Why are things getting worse?
Tentler told Ars that the manufacturers of webcams are only in the race to the bottom and that the consumers don’t perceive the value of privacy and security. Quite a number hasn’t shown interest in buying such things. What happens then, manufacturers of webcam cuts down the costs to maximize their profit, but often on a narrow margin. Now a good number of webcams are selling for as little as $20 or £15.
Scott Erven, a security researcher, told Ars Technica UK, “The bigger picture here is not just personal privacy, but the security of IoT devices. As we expand that connectivity, when we get into systems that affect public safety and human life – medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby’s crib.“
The problem can easily be admired, but it is harder to find solutions. According to Tentler, he thinks raising consumer awareness will be enough to solve the situation. Regardless of the many presses harping on about the implication of the webcam security, it’s pretty clear, that telling people to take care of the security is not making any difference.