How 'home hackers' spy on you and your children... with YOUR webcam: The shocking evidence that shows how private lives are snooped on and streamed live on web
• Investigation reveals 'home hackers'
are spying on people through webcams
• Vulnerable devices include baby
monitors and domestic security cameras
• 350,000 such cameras are bought
every year in the UK by individuals
• Many fail to change the default
passwords leaving them open to hackers
• Experts say thousands may not be aware
hackers are able to spy on them
PUBLISHED: 16:01 EST, 20 September
2014 | UPDATED: 05:01 EST, 21 September 2014
Security camera footage
from inside homes, offices and shops across Britain is being intercepted and
broadcast live on the internet – without the owners’ knowledge.
A Mail on Sunday
investigation can reveal that ‘home hackers’ are easily able to spy on people
going about their daily lives through cameras that were installed in homes to
improve security.
During a two-hour period
last week we watched an internet website – available to anyone in the world –
and saw footage from British locations of:
Scroll down for video
|
|
A baby in
her cot: These personal webcam images were all easily accessible online last
week
|
• Babies in cots
• A schoolboy playing on his computer at home in North
London
• Another boy asleep in bed
• The inside of a Surrey vicar's church changing room
• An elderly woman relaxing in an armchair
• Two men in a kitchen sharing a meal
If you have installed a
camera of the type that can be hacked in this way, you could be being watched
now. Vulnerable devices include baby monitors, domestic security cameras and
CCTV units that monitor offices, shops and factories. Hacking can be prevented
simply by changing the factory-set default security codes that every camera
comes with.
Last night Liberal
Democrat MP Julian Huppert, who sits on the influential Home Affairs Committee
that scrutinises internet crime, said manufacturers had to do more to protect
customers.
‘It’s absolutely shocking.
We should get the companies which sell this to force customers to change
default passcodes,’ he said.
‘This should be a wake-up
call to anyone who has a camera in their home or business.’
Some 350,000 individuals
and businesses buy such cameras every year in the UK and many fail to change
the default passcode – leaving them exposed to hacking.
A large number of buyers
will be parents who use the devices to monitor babies and young children. They
will be horrified to learn that footage they assumed could be accessed by them
alone has, in some cases, been made available by hackers for the world to see.
|
|
+8
|
A young
child asleep: Parents using home security cameras often fail to reset factory
setting codes
|
|
+8
|
An old
lady relaxing: Not resetting passwords makes it easy for hackers to seek out
and broadcast live film on the internet
Our investigation found
that nearly 60,000 hours of live feed from UK surveillance cameras can be
viewed every day on one website alone.
As well as raising a
number of security concerns, experts said it also represented an appalling
invasion of privacy.
Professor Alan Woodward, a
cyber security specialist, said: ‘The really scary thing is that people buy
these cameras for their own security. But they have no idea that thousands of
people might be spying on them at any one time.’
Much of the footage is
mundane and reflects the enormous growth in home security systems, but there
are also huge amounts of live feed from offices, restaurants, bars, swimming
pools and gymnasiums.
Cashiers and hotel
receptionists are observed in close-up from cameras fixed to walls behind them;
there is footage from inside a London hair salon; women can be seen having
their nails manicured in Eastleigh, Hampshire; and another stream shows men
lifting weights in a Manchester gym.
Technology expert Shawn
Day said there was worrying potential for the footage to be exploited by
criminals. He said: ‘There was one camera in an office and I could actually
read the screen of the computer where they could be entering private
information such as passwords, but it’s fully displayed to the world.
‘It’s not just the creepy
feeling that you are being seen, which is the main concern, it’s also the
content of what is being seen. We’re talking about financial information,
private information – exactly the sort of stuff the camera is designed to
protect, but is doing the opposite.’
Many home webcams, such as these, are easy targets for hackers, and 350,000 are bought in the UK everyday
The Mail on Sunday was
able to watch footage showing scores of people inside their homes, who were
oblivious to the fact that they were being observed.
Many cameras were fixed on
babies and small children sleeping in their beds. There was also close-up
footage of an elderly lady relaxing in Aberdeen. Another camera in a London
home filmed a schoolboy texting on his mobile phone. A man in Crawley was seen
on a sofa with a cup of tea, with family photographs on the wall behind him.
In the past there have
been some incidents of computer hacking to seize control of built-in webcams.
That process is called
‘ratting’, as the hackers send out a virus that allows them access to a
person’s desktop computer or laptop without their knowledge.
But we discovered that the
hacking of stand-alone security cameras – IP (Internet Protocol) cameras – is a
much simpler process and more widespread. Most cameras that connect to the
internet come with a default username and password which most people do not
realise they can – and must – change.
If owners fail to do so,
their live feed, which they can access from smartphones, could also be picked
up by hackers who scan addresses on the internet until they find an exposed IP
camera. Experts fear large numbers of such cameras are vulnerable to hacking.
The Mail on Sunday visited a travel company, pictured, which had no idea its security camera images were being streamed online
Our reporter, right, showed staff how their meeting was being shown live on the internet
A computer showing the reporter waving at the camera after revealing to the office workers that their footage was available online
The hackers then input a
number of commonly used default passwords until they gain access. Finally they
stream the results on to their own websites for all to see.
For security reasons, the
hacking website is not being named by The Mail on Sunday. The site keeps the
exact locations of the cameras deliberately vague, providing only names of
cities and towns.
During our investigation
we discovered footage being beamed from a travel agent’s office in
London.
Our reporter visited the
office to alert the owner, who had no idea his daily business was being
broadcast to the world. As our reporter helped him log on to the hackers’
website, staff at The Mail on Sunday’s office we were also monitoring it.
We saw the reporter walk
into the shop and explain that the six CCTV cameras had been hacked.
Our reporter waved at the
camera and the businessman was astonished to see it broadcast on his computer.
HOW TO PROTECT YOUR PRIVACY...
1. Ensure
the camera you buy allows you to change the default password.
2. If
manual doesn't explain how to do this, call manufacturer and get clear
guidance.
3. Take
time to set up a strong password and change it regularly.
The shop could easily be
identified to any criminal watching because one of the hacked cameras partially
revealed its address on a hoarding.
‘This is absolutely
appalling,’ said the manager, who asked not to be named. ‘The system was
installed three months ago and they didn’t tell us anything about passwords. I
can assure you they will be changed.’
His cameras were
manufactured by China-based Hikvision, which insisted last night that it does
‘everything possible’ to warn of the need to change default passwords.
In another case, we
identified a house in Southend, Essex, because the Hikvision cameras at the
property – fixed on the drive, back door and side gate – included the owner’s
name and address on screen.
The owner said: ‘We got
these cameras to try to keep our property safe but we never imagined that
people are looking at our house and what we’re doing. Burglars could see when
we’re out.’ After being alerted, the travel agent and homeowner both changed
their passwords. Their footage is no longer available online.
Many of the hacked cameras
used by parents are made by another Chinese company, Foscam.
A spokesman said it was
aware of hacking and will now ‘force’ users to change passwords. It is not
clear who is behind the hacking website, but The Mail on Sunday established
that it is ‘hosted’ by a company called MediaNet based in the Moldovan capital,
Chisinau.
A spokeswoman said: ‘We
were not aware of this. Thank you for letting us know.’ She could not say what
action, if any, would be taken.
Tony Neate, of the
Government’s Get Safe Online campaign, said: ‘The most important thing to take
away from this is how important it is to change the default password on the
device. Camera instruction manuals should explain how to do this, and if not,
then you should contact the manufacturer for guidance.’
It is unclear what can by
done by police, who have spent more than £20 million investigating phone
hacking. The National Crime Agency said: ‘It is vital that individuals and
businesses take all possible steps to protect themselves from having personal
or financial information compromised, making sure operating instructions are
followed, security software is up to date, and passwords are strong and
regularly changed.’
• Information on staying safe online can be found
at cyberstreetwise.com and getsafeonline.org.
Tips on how to keep your webcam safe
Read more: http://www.dailymail.co.uk/news/article-2763664/How-home-hackers-spy-children-YOUR-webcam-The-shocking-evidence-shows-private-lives-snooped-streamed-live-web.html#ixzz3FOW80yYO
Follow us: @MailOnline on Twitter | DailyMail on Facebook
No comments:
Post a Comment