More than 15,000 webcams globally remain hackable
More than 15,000 private webcams around the world -- many of which are located inside houses -- could be tapped, discovered Wizcase. All it takes to do so is a simple internet connection.
White hat hacktivist Avishai Efrat has located more than 15,000 potentially accessible webcams, which could expose a plethora of identifying and compromising information to cyber-criminals.
"Some examples of camera that were accessible include those at shops, inside the kitchens/living rooms/offices of private family homes – including a live feed of people on the phone and children peeking at the camera directly, tennis courts, storage units, hotels, museum security feeds, churches, mosques, parking lots, gyms, and more," said the Wizcase blog post on the discovery.
The loopable devices include those made by market leaders such as AXIS net cameras, Cisco Linksys webcam, IP Camera Logo Server, IP WebCam, IQ Invision web camera, Mega-Pixel IP Camera, Mobotix, WebCamXP 5, and Yawcam.
"These devices seem to be prone to be accessed remotely if no additional security measures are taken after installation," said the blog post. Thousands of such devices were located across the Americas, Europe, Asia and Australia.
What makes web cams susceptible to hacking is the fact that they need to be accessed remotely, either by the users or by the manufacturer’s servers.
"In basic terms, using port forwarding means making the camera accessible through your computer’s external IP (your router). This is usually done automatically using a set of network protocols called UPnP in order to avoid technical manual configurations. This is the step which basically makes the device accessible from the external network using a defined port on the external IP," said the blog post.
"Without further precautions such as password authentication and IP/MAC address whitelisting, this is insecure."
End-users have to be diligent above and beyond simply securing such devices, said Jan van Vliet, EMEA VP and GM at Digital Guardian.
"It is foolish to assume that just because we purchase an IP-enabled device and add it to our environments that the device in question is secure or that our networks are secured to the point of mitigating unwanted/unauthorised bi-directional communication and control," he said.
The focus of ease in assembling the system often compromises security, said the Wizcase blog post.
"Web cameras manufacturers strive to use technologies which make the device installation as seamless as possible but this sometimes results in open ports with no authentication mechanism set up. Many devices aren’t put behind firewalls, VPNs, or whitelisted IP access – any of which would deny scanners and arbitrary connections. If these devices have open network services, then they could be exposed," it explained.
"Programmers nowadays are no longer scientists. They are fitters – assembling third party libraries, components and tools to create the desired application. They are doing this without a clear understanding of the underlying principles of how these libraries work at a fundamental level," noted Stephen Gailey, head of solutions architecture at Exabeam.
"Any failure in one of these software components, any lack of understanding in how to assemble them – or even in how they interact with the rest of the Internet – is likely to lead to significant future vulnerability. As in this case, even a simple operational error could leak users’ data," he added.
Manufacturers and vendors have a growing responsibility, especially in the IoT space, said van Vliet of Digital Guardian. "Ideally, all devices should be assessed for risk at the manufacturer and then again by those who are responsible for selling/implementing them in enterprises."
Security is a shared responsibility between vendors and consumers, said Jonathan Knudsen, senior security strategist at Synopsys.
"Vendors are responsible for minimising vulnerabilities in the design and implementation of their products. Consumers are responsible for deploying products in configurations that meet their own goals," he said.
He finds it unlikely that all 15,000 webcams were purposely exposed to the internet with no security controls in place, saying that probably the consumers themselves did not understand the implications when they set up these cameras.
"To some degree, consumers bear the responsibility of understanding the products they use, and understanding how they are configured and deployed," he added.
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- Microsoft Security Operations Analyst | Bracknell | SC Clearable | SC-200
- Reading
- N/A
-
Senior SOC Analyst Level 2 / 3. Microsoft Security stack | SC Clearable Location: Hybrid remote | Berkshire SC-200 Senior SOC Analyst Level 2 / 3 to join a specialist Managed Security Services business. You will be responsible for advanced threat hunting / triage, incident response etc with a strong focus on the Microsoft Security Stack. Key Responsibilities: Lead and resolve complex security incidents / escalations Conduct advanced threat hunting using the Microsoft Security Stack. Build, optimise and maintain workbooks, rules, analytics etc. Correlate data across Microsoft 365 Defender, Azure Defender and Sentinel. Perform root cause analysis and post-incident reporting. Aid in mentoring and upskilling Level 1 and 2 SOC analysts. Required Skills & Experience: The ability to achieve UK Security Clearance (SC) - existing clearance ideal. (Sorry no visa applications) Must have current experience working with a SOC environment Key experience must also include, but not be limited to Development and tuning of custom analytic rules. Workbook creation and dashboarding. Automation using Playbooks and SOAR integration. Kusto Query Language (KQL).
-
- Service Architect- DACH regions
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Service Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the Service/ solutioning effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company area a global managed services business working with enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead Service/ solution design from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. You’ll Need: Experience working as a Service architect, Service Manager or Customer Success Manager R Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical grasp: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Deal Architect- DACH region
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Deal Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the solutioning/ Service effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company is a global managed services business providing solutions to enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead the deal from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. Be responsible for the service Wrap and ensuring the Service meets clients requirements You’ll Need: A back ground with IT Services Experience in a similar type of role, for example: Deal, Service, or Solution Architect in ICT outsourcing. Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical knowledge: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Pre Sales Lead- IT Services
- Germany
- Upto €100,000 plus benefits
-
As the Pre-Sales Lead (Sales Engineer/ Solution Architect) you will drive large-scale ICT managed services and outsourcing deals (from €0.5M to €20M+). You'll work directly with Business Development and clients to design high-impact solutions across Cloud (Azure, IaaS, SaaS, PaaS), EUC, Unified Comms, Security (SIEM, PAM), Networks, and Smart Workplaces. What You’ll Do: Lead the end-to-end pre-sales cycle — from RFI/RFP to contract. Design innovative, client-specific solutions with technical & commercial impact. Present at CxO level and steer proposal strategies & financial models. Collaborate closely with Portfolio, Service Desk, Field, and Digital Workplace teams. Support deal shaping with strong knowledge of ITIL, SIAM, Automation, and cost analysis. What You’ll Bring: Have strong experience in pre-sales or solution architecture. Experience with €M+ managed service deals. Deep technical expertise in modern ICT stack and enterprise IT services. Strong German (C1) and English communication skills. Certifications: ITIL v3/v4 required; SIAM, ISO20000 desirable.