An odd site called Insecam purports to display 73,000 unsecured webcams from around the world, most of them CCTV and simple IP cameras. All of the cameras have two things in common – they’re streaming on publicly accessible network ports and they are still using the default passwords, thereby allowing anyone with a web-crawling robot and the wherewithal to type admin/admin to gain access to the stream.
The site breaks the cameras down by model and location and most of the cameras are standard IP-based cameras (or banks of cameras) made by major manufacturers like Foscam and Panasonic. These “unpatched” camera lists have been around for years but this is the first aggregator that gained worldwide attention after Motherboard brought it to the fore.
What will you see when you visit the site? Not much, I’m afraid. I believe worldwide attention has started to tear down the service and most of the feeds are dead. However, as NetworkWorld notes many of the Foscam-branded cameras are being used as baby cams, a fact that should give parents pause. You can see some live cameras if you move away from the front page and start viewing cameras further afield but most streams are dead.
The creator, an anonymous admin who appears to be hosting the service in Russia, writes:
There is no reason for webcams to stream publicly with a weak password. While it may be easier for your IT person to set up your eight-way CCTV with the standard admin/12345 combination, it’s clear that anyone with a modicum of skill can and will take advantage of your largesse. It’s not computer crime when the data is out in the open and we shouldn’t welcome an invasion of privacy because we’re too lazy to read a manual.