Insecam Displays Unsecured Webcams From Around The World

An odd site called Insecam purports to display 73,000 unsecured webcams from around the world, most of them CCTV and simple IP cameras. All of the cameras have two things in common – they’re streaming on publicly accessible network ports and they are still using the default passwords, thereby allowing anyone with a web-crawling robot and the wherewithal to type admin/admin to gain access to the stream.

The site breaks the cameras down by model and location and most of the cameras are standard IP-based cameras (or banks of cameras) made by major manufacturers like Foscam and Panasonic. These “unpatched” camera lists have been around for years but this is the first aggregator that gained worldwide attention after Motherboard brought it to the fore.

Screen Shot 2014-11-07 at 8.36.06 AM

What will you see when you visit the site? Not much, I’m afraid. I believe worldwide attention has started to tear down the service and most of the feeds are dead. However, as NetworkWorld notes many of the Foscam-branded cameras are being used as baby cams, a fact that should give parents pause. You can see some live cameras if you move away from the front page and start viewing cameras further afield but most streams are dead.

The creator, an anonymous admin who appears to be hosting the service in Russia, writes:

Sometimes administrator (possible you too) forgets to change default password like ‘admin:admin’ or ‘admin:12345’ on security surveillance system, online camera or DVR. Such online cameras are available for all internet users. Here you can see thousands of such cameras located in acafes, shops, malls, industrial objects and bedrooms of all countries of the world. To browse cameras just select the country or camera type.This site has been designed in order to show the importance of the security settings. To remove your public camera from this site and make it private the only thing you need to do is to change your camera password.

There is no reason for webcams to stream publicly with a weak password. While it may be easier for your IT person to set up your eight-way CCTV with the standard admin/12345 combination, it’s clear that anyone with a modicum of skill can and will take advantage of your largesse. It’s not computer crime when the data is out in the open and we shouldn’t welcome an invasion of privacy because we’re too lazy to read a manual.