Hundreds of PHL security cams hacked, posted online

^{Sample screen grab of just one of hundreds of hacked webcams across the Philippines.}

Here's one more reason for owners of security cameras to change their devices' default passwords: their private lives could be made public by a hacker's website.

 

The site claims to link to more than 73,000 security cameras whose default passwords the owners failed - or did not bother - to change.

 

In the Philippines, it listed at least 507 such sites as of Tuesday noon.

 

"Sometimes administrator (possible you too) forgets (sic) to change default password like 'admin:admin' or 'admin:12345' on security surveillance system, online camera or DVR. Such online cameras are available for all internet users. Here you can see thousands of such cameras located in a cafes, shops, malls, industrial objects and bedrooms of all countries of the world. To browse cameras just select the country or camera type," its administrator said.

 

According to the administrator, the site was designed "in order to show the importance of the security settings."

 

It advised owners of cameras whose feeds are featured on the site to "change your camera password."

 

Covered by the site are network surveillance security cameras and digital video registration systems, not USB cameras on PCs and internal cameras on notebooks.

 

"These cameras are not hacked. Owners of these cameras use default password by unknown reason. There are a lot of ways to search such cameras in internet using google, search software or speciali(z)ed search sites," the administrator said in an FAQ page.

 

A separate article on Networkworld.com said the site linked up to 73,011 unsecured camera locations in 256 countries.

 

"Mostly, it falls on us, dear security-conscious readers, to nudge our not-so-techy friends and remind our families how very important it is to set strong passwords on security cameras unless they want to give the whole world a free pass to watch inside their homes," it said.

 

On the other hand, Motherboard magazine said the website is "one of the latest, and perhaps biggest, examples of a trend wherein security researchers risk people’s personal privacy under the justification of exposing security issues."

 

"Although this approach can sometimes force a vendor to act and fix the problem, it can also harm the public at large," it said.

 

It noted researchers who find a vulnerability in a device or system will usually notify the affected company, "then work with them towards a solution behind closed doors."

 

"Sometimes there is a case for highlighting security weaknesses in a bold fashion. It can force companies into a corner, and address a problem that they may otherwise ignore. But websites like this, which expose the private lives of people—people who probably won't find out anyway—don't offer any solutions. The true motives of the site’s creators remain unclear," it added. — Joel Locsin/TJD, GMA News