Baby monitors, CCTV cameras and webcams from UK homes and businesses hacked and uploaded onto Russian website

Cameras from CCTV to baby monitors can be breached as people urged to change passwords

Loulla-Mae Eleftheriou-Smith
Thursday 20 November 2014 09:33 GMT
Comments
Webcams in the UK, from inside offices and gyms to baby monitors have appeared on the site
Webcams in the UK, from inside offices and gyms to baby monitors have appeared on the site

A Russian website has been found to be hosting hundreds of feeds of live footage from inside UK homes and businesses, which have been accessed by hacking into people’s webcams, which includes CCTV cameras and baby monitors.

The UK’s privacy watchdog has urged people to upgrade their passwords after the website was found to feature 500 live feeds from Britain alone.

The Russian site currently shows what is believed to be a child’s bedroom in Birmingham, a gym in Manchester, an office in Leicester, and a shop interior in London, among others.

The Information Commissioner’s Office (ICO) has warned that people in the UK with webcams using weak passwords or without any password protection, will be vulnerable to hackers. An estimated 35,000 of such cameras were sold in the UK last year.

A page of webcams in New York that can be accessed from the site

UK Information Commissioner Christopher Graham said he will work with Russian authorities to have the site taken down, adding that a site of this kind would be illegal in the UK. But Sky News reports the site's alleged administrator said the cameras have been hacked to highlight poor security, and that the site will only be taken down "only when all cameras will be password protected".

Simon Rice, ICO group manager for technology, said: “The website, which is based in Russia, accesses the information by using the default login credentials, which are freely available online, for thousands of cameras.

“The footage is being collected from security cameras used by businesses and members of the public, ranging from CCTV networks used to keep large premises secure, down to built-in cameras on baby monitors.

“This is a threat that all of us needs to be aware of and be taking action to protect against,” he said.

The ICO is urging people to take steps to secure any internet accessible cameras they may own by changing default passwords to something that cannot be easily guessed and which contains a mixture of upper and lower case letters, numbers and characters. It advises people to check all the available security settings for their cameras, and to secure all other devices with an internet connection.

A page of webcams in the Netherlands that can be accessed from the site

The Russian site lists the feeds available to view both by country and by device manufacturer. According to the BBC, the most commonly listed webcam to have been hacked is China-based Foscam, followed by Linksys and Panasonic.

A Linksys spokesperson told the BBC: “We are still trying to determine which Linksys IP cameras are referenced on the site. We believe they are older Linksys IP cameras which are no longer being manufactured.

“For these cameras we do not have a way to force customers to change their default passwords. We will continue to educate consumers that changing default passwords is extremely important to protect themselves from unwanted intruders.”

The spokesperson explained that newer Linksys display a warning to users who have not changed the default password, which is seen every time a user logs into the camera.

Many people use their webcams to monitor their homes remotely while they are away, as they are able to watch the footage over the internet. But the ICO is unable to stop hackers from uploading this footage to the Russian website or others similar to it beyond the UK’s borders.

Mr Rice warned: “The ability to access footage remotely is both an internet camera’s biggest selling point and, if not set up correctly, potentially its biggest security weakness. Remember, if you can access your video footage over the internet, then what is stopping someone else from doing the same?

“You may think that having to type in an obscure web address to access the footage provides some level of protection. However, this will not protect you from the remote software that hackers often use to scan the internet for vulnerable devices. In some cases, insecure cameras can be identified using nothing more than an internet search engine.”

Additional reporting by PA

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in