The Age of the Video Ham
Traditionally these devices were visible only to one or two people. After all, the CC in CCTV stands for "closed circuit", meaning that the pictures never leave the building and certainly don't get transmitted over public networks.
In recent years the Internet has changed the way that security surveillance cameras are being deployed. So-called IP cameras plug straight into a corporate Ethernet network or a domestic broadband system, and transmit live video or still images across the internet.
IP cameras are available from the likes of Sony, Panasonic, Linksys, Canon, Toshiba and Axis from around $100. Wi-fi versions are also available, which can be installed anywhere in just a few minutes. Many have "PTZ" features, whereby the camera can be panned, tilted and zoomed remotely in order to highlight a subject of particular interest.
And yet, few who install IP surveillance cameras seem to be aware that they are publishing the pictures live on the internet, for the world to see. Simply by using a search engine such as Google it's possible to locate hundreds of unprotected cameras.
For example, searching Google for inurl:CgiStart?page=Single will bring up dozens of links to Panasonic cameras, allowing remote users to watch the live video stream and, in many cases, pan or tilt the camera. A search for axis inurl:view/index.shtml will bring up sites hosting cameras made by Axis.
The problem is being highlighted by Robert Schifreen, IT security consultant and broadcaster, and author of the book Defeating The Hacker. Those who surf the web in search of unprotected private surveillance cameras have been termed video hams, the natural successor to the radio amateurs of old.
Allowing an unprotected surveillance camera to be visible over the internet is just asking for trouble. There are privacy issues, for example, in allowing the general public to watch live images of your staff at work. Unfettered access to PTZ facilities make it simple for a thief or shoplifter to divert the camera away from where he wishes to strike.
Remember, we're not talking about hobby webcams here, which were always intended to be viewable by the general public. The systems being targeted by video hams are private cameras. All of which come with security facilities such as password protection built in, if only the purchasers were aware of them.
My advice to anyone using an IP camera for surveillance is:
Robert Schifreen, August 2006
Images from unprotected