http://www.theregister.co.uk/2005/01/08/web_surveillance_cams_open_to_all/ By Kevin Poulsen, SecurityFocus 8th January 2005 Blogs and message forums buzzed this week with the discovery that a pair of simple Google searches permits access to well over 1,000 unprotected surveillance cameras around the world - apparently without their owners' knowledge. Searching on certain strings within a URL sniffs out networked cameras that have Web interfaces permitting their owners to view them remotely, and even direct the cameras' motorized pan-and-tilt mechanisms from the comfort of their own desktop. Video surfers are using this knowledge to peek in on office and restaurant interiors, a Japanese barnyard, women doing laundry, the interior of an Internet collocation facility, and a cage full of rodents, among other things, in locales scattered around the world. News of the panoptical search queries apparently began on a community web forum, then spread to the widely-read BoingBoing weblog Wednesday and Thursday. In the past, geeks wanting to peek in on surveillance cams have driven around with receivers and special antenna rigs to pick up signals from wireless cameras. One of the Google search strings circulating summons a list of nearly 1,000 installed network cameras made by Swedish-based Axis Communications, the other turns up about 500 cameras sold by Panasonic. Neither company could be reached after hours Friday. According to their websites, both companies offer the ability to password-protect the Web interfaces to their cameras, and Axis has a feature that blocks access to webcams from all but approved Internet IP addresses. t's not apparent whether the security features are enabled by default. A FAQ on Panasonic's website includes a warning that their network cameras may not be right for "sensitive applications," and sports a broad disclaimer: "No specific claims are made pertaining to specific levels of security the camera offers." _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Tue Jan 11 2005 - 00:56:36 PST