The website Insecam claims it’s providing a public service announcement of sorts… the trouble is, that announcement seems to be: change your security camera password or we’ll broadcast your bedroom or living room publicly for all to see… and make a profit doing it.
Outed yesterday by Network World, Insecam displays live feeds from over 73,000 unsecured security cameras, organized by country and browsable 24/7. It’s creepy, voyeuristic and, apparently, in service of security.
According to the website’s about page, the site is all about “show[ing] the importance of the security settings.” But while that is the exploit being taken advantage of here — people don’t change the security camera’s default username and password, allowing anybody access — there’s something disturbing about posting those feeds online and making a profit off ad revenue.
Some 11,000 cameras are streaming from the US, nearly 3,000 from the UK, about 4,800 in China, and many many more from other countries. And while this is, according to a lawyer who spoke with Motherboard about the site, a blatant violation of the Computer Fraud and Abuse Act, there might not be much the law can do about a website based out of Moscow.
Whatever the case may be, there is only one way to make sure that the site doesn’t stream your living room for the whole world to see, and that’s to make sure you change the default username and password on your security cameras.