UK webcams hacked and streamed by illegal Russian website

People are being urged to upgrade their webcam’s security following the news that a Russian website has been hosting live feeds from inside homes and businesses.

Hacking into accounts and switching on webcams, the website has been showing scenes including a child’s bedroom in Birmingham, a gym in Manchester, an office and the interior of a shop in London.

The Information Commissioner’s Office (ICO) has warned UK residents with webcams to update their security. Any webcam that uses weak default passwords, or uses none at all, could be vulnerable.

Russian authorities and the ICO are working together to get the site taken down. According to reports, however, the illegal site’s administrator has said that he created it only to highlight poor security, and has no malicious intent.

“The website accesses the information by using the default login credentials, which are freely available online, for thousands of cameras,” Simon Rice, ICO group manager, told the Independent.

“The footage is being collected from security cameras used by businesses and members of the public, ranging from CCTV networks used to keep large premises secure, down to built-in cameras on baby monitors.”

The site lists all feeds available, sorted by country and device manufacturer. The most commonly hacked webcams were designed by Foscam, Linksys and Panasonic.

Many people use webcams to watch feeds of their homes while away, but should be aware that a complicated URL will not keep them safe. Once hacked, the ICO and the UK authorities are unable to stop the footage being uploaded on servers outside of the country.

“A decision should be made as to what is made available for online steaming,” Mark James, security specialist at ESET, told ITProPortal. “I totally understand why you would want to stream your front drive or even the alleyway providing access to the back of the house but in what situation would you need to stream your children’s bedroom outside of your private residence?

“The end user needs to be fully aware that a default password exists with easy instructions on how to change it.”