The Age of the Video Ham
Surveillance cameras inadvertently exposed, says Robert Schifreen


Our requirement to increase the security of people and property has resulted in massive deployment of CCTV cameras in homes, offices, schools, hospitals, nurseries, shops, and many other places.

Traditionally these devices were visible only to one or two people.  After all, the CC in CCTV stands for "closed circuit", meaning that the pictures never leave the building and certainly don't get transmitted over public networks.

In recent years the Internet has changed the way that security surveillance cameras are being deployed.  So-called IP cameras plug straight into a corporate Ethernet network or a domestic broadband system, and transmit live video or still images across the internet.

IP cameras are available from the likes of Sony, Panasonic, Linksys, Canon, Toshiba and Axis from around $100. Wi-fi versions are also available, which can be installed anywhere in just a few minutes. Many have "PTZ" features, whereby the camera can be panned, tilted and zoomed remotely in order to highlight a subject of particular interest.

And yet, few who install IP surveillance cameras seem to be aware that they are publishing the pictures live on the internet, for the world to see. Simply by using a search engine such as Google it's possible to locate hundreds of unprotected cameras.

For example, searching Google for inurl:CgiStart?page=Single will bring up dozens of links to Panasonic cameras, allowing remote users to watch the live video stream and, in many cases, pan or tilt the camera.  A search for axis inurl:view/index.shtml will bring up sites hosting cameras made by Axis.

The problem is being highlighted by Robert Schifreen, IT security consultant and broadcaster, and author of the book Defeating The Hacker. Those who surf the web in search of unprotected private surveillance cameras have been termed video hams, the natural successor to the radio amateurs of old.

Allowing an unprotected surveillance camera to be visible over the internet is just asking for trouble.  There are privacy issues, for example, in allowing the general public to watch live images of your staff at work.  Unfettered access to PTZ facilities make it simple for a thief or shoplifter to divert the camera away from where he wishes to strike.

Remember, we're not talking about hobby webcams here, which were always intended to be viewable by the general public.  The systems being targeted by video hams are private cameras.  All of which come with security facilities such as password protection built in, if only the purchasers were aware of them.

My advice to anyone using an IP camera for surveillance is:

  1. Use the camera's in-built password protection rather than allowing the pictures to be streamed to the world.
     
  2. Once you've set up the camera's securely, test it by attempting to connect from outside your company's network.
     
  3. If you really want footage to be accessible over the internet, configure your firewall so that it can only be accessed by those who need to see it.

You can contact Robert Schifreen at robert@schifreen.co.uk.  Further information about the Defeating The Hacker book is available here.

Read the press release.

Robert Schifreen, August 2006

 



Choose a preset position...


Or pan and tilt to create your own.


A shoplifter's dream?


Watch that boat


Watch the factory workers come and go


Fancy watching the kids play?


Who's watching your building?


Keep an eye on deliveries


See people's cars being serviced

Images from unprotected
IP cameras located by Google.