{"id":5953,"date":"2017-02-22T02:54:11","date_gmt":"2017-02-22T07:54:11","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5953"},"modified":"2017-09-24T18:21:38","modified_gmt":"2017-09-24T14:21:38","slug":"webcams-hacked-again","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/webcams-hacked-again\/5953\/","title":{"rendered":"Webcams vs. Humans"},"content":{"rendered":"<p>Recent news about IP cameras being hacked and private footage sold unlawfully online has bestirred the Internet yet again. Such\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/2ch-webcam-hack\/\" target=\"_blank\" rel=\"noopener nofollow\">headlines<\/a>\u00a0are now unsurprising; however, one new case has a sensitive twist: The cameras were located in a plastic surgery clinic in Moscow. No doubt you can imagine the footage. This incident was initially\u00a0<a href=\"http:\/\/www.bbc.com\/russian\/features-38929977\" target=\"_blank\" rel=\"noopener nofollow\">covered<\/a>\u00a0by Russian BBC. Kaspersky Lab colleagues commented in the article and pointed to lax security practices exercised by the owners. Here we\u2019ll dive a bit deeper into the topic.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5954\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2017\/02\/05112234\/webcam-hacks-featured-1-1-1.jpg\" alt=\"\" width=\"1280\" height=\"840\"><\/p>\n<h2>What threat does surveillance pose?<\/h2>\n<p>The most obvious and unpleasant consequence of CCTV video leaks is the potential\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/good-facial-recognition\/\" target=\"_blank\" rel=\"noopener nofollow\">positive identification of people<\/a>\u00a0in the footage. In other words, a criminal can identify you and then use that knowledge against you for blackmail or burglary. 
That\u2019s not to mention the invasion of privacy.<\/p>\n<p>Of course, video footage is not enough to gather much information on a victim, but ordinary people willingly publish a lot of personal info online. Arguably, the most publicized incident of the kind was\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/findface-deanon\/\" target=\"_blank\" rel=\"noopener nofollow\">the outing of porn actresses<\/a>. Active imageboard users found the actresses\u2019 social network profiles and contact info with the help of facial recognition services such as\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/findface-deanon\/\" target=\"_blank\" rel=\"noopener nofollow\">FindFace<\/a>\u00a0and then bullied them.<\/p>\n<p>The number of CCTV cameras is constantly increasing, as is their image quality. For example, almost every residential building entrance in Moscow is now equipped with IR cameras that provide decent-quality footage, even in the dark. Have you ever wondered how many surveillance cameras see you on your way home from a local grocery store? Have you ever thought about potential\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/bad-facial-recognition\/\" target=\"_blank\" rel=\"noopener nofollow\">threats<\/a>\u00a0and means of protection?<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The dark side of facial recognition? 
<a href=\"https:\/\/t.co\/7I6B8MAZuW\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/7I6B8MAZuW<\/a> <a href=\"https:\/\/t.co\/j2O7QkmlF0\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/j2O7QkmlF0<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/767793551426121728?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 22, 2016<\/a><\/p><\/blockquote>\n<p>Alas, there is no way to avoid surveillance completely. You can no longer fool omnipresent surveillance systems by using masks, glasses, or\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/camouflaging-from-global-surveillance\/\" target=\"_blank\" rel=\"noopener nofollow\">special makeup<\/a>; modern systems do not rely on facial recognition alone but also analyze the way you walk, your behavior, and even your mood.<\/p>\n<p>However, such sophisticated systems are used only by government agencies and advanced merchants. The former pursue the goal of public safety (or so they say), and the latter seek ways to quickly and effectively\u00a0<a href=\"http:\/\/www.forbes.com\/sites\/neilstern\/2016\/12\/05\/amazon-go-a-game-changer-for-the-retail-industry\/#16078cd87efb\" target=\"_blank\" rel=\"noopener nofollow\">sell goods<\/a>\u00a0to customers. The rest of the world settles for good ol\u2019 IP cameras or, in some cases, webcams. The bad news is that none of them\u00a0<a href=\"https:\/\/securelist.com\/blog\/research\/70008\/does-cctv-put-the-public-at-risk-of-cyberattack\/\" target=\"_blank\" rel=\"noopener\">makes security a priority<\/a>.<\/p>\n<p>How does footage get leaked? Well, it is very simple: Many cameras are connected so that owners can keep an eye on the area under surveillance from anywhere in the world. Access is through a Web interface. 
In other words, each camera has its own little website.<\/p>\n<p>This Web interface may have a full-fledged management console that can change the angle of footage, zoom in, or enable sound. In other cases, the site is just an uninterrupted stream or continuously updated images, like a TV broadcast. But here\u2019s the problem: These \u201cwebsites\u201d and \u201cbroadcasts\u201d can be easily found by specialized\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/shodan-censys\/\" target=\"_blank\" rel=\"noopener nofollow\">search systems such as Shodan and Censys<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Yet another reason you should put some tape over your webcam <a href=\"https:\/\/t.co\/aWULG4gxU8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/aWULG4gxU8<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/scary?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#scary<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/reality?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#reality<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/TV?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TV<\/a> <a href=\"https:\/\/t.co\/ob4reqq2E9\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ob4reqq2E9<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/725818193357459457?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 28, 2016<\/a><\/p><\/blockquote>\n<h3>Start with the right settings on your own IP camera<\/h3>\n<p>Why are so many camera feeds available that they\u2019ve gotten their own search engines? The problem, in a nutshell, is that usually both users and camera makers prioritize ease of use over device security. 
That\u2019s why surveillance cameras can be easily hacked with brute force.<\/p>\n<p>However, there are ways to minimize the risk. First, one should regularly update firmware and use strong passwords \u2014 and regularly change those passwords. Instructions for doing those things are usually available in the user\u2019s guide or on the product website\u2019s support page.<\/p>\n<p>Updates and strong passwords represent the bare minimum in terms of security, but unfortunately, they\u2019re no panacea: Vendors frequently delay firmware updates or vulnerability patches for months, leaving (not very) secret backdoors to cameras\u2019 interfaces. By the way, a big name does not necessarily guarantee healthy security practices. But at least well-known brands respond to governments\u2019\u00a0<a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2014\/02\/ftc-approves-final-order-settling-charges-against-trendnet-inc\" target=\"_blank\" rel=\"noopener nofollow\">persistent calls<\/a>\u00a0for better\u00a0<a href=\"https:\/\/www.ftc.gov\/news-events\/press-releases\/2017\/01\/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate\" target=\"_blank\" rel=\"noopener nofollow\">user security<\/a>.<\/p>\n<p>Second, one should always disable unused features. This is particularly applicable to the various cloud services with which an increasing number of cameras are equipped by default. Such services may, for example, offer remote access to footage by smartphone app or even storage for CCTV footage. Those perks are convenient indeed, but they aren\u2019t exactly transparent to the end user, and thus their\u00a0<a href=\"https:\/\/www.rapid7.com\/docs\/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf\" target=\"_blank\" rel=\"noopener nofollow\">real security level<\/a>\u00a0is not easy to assess.<\/p>\n<p>Additional measures require some measure of expertise. For example, you might enable HTTPS access to the camera. 
Of course, in this case you are likely to use a self-issued certificate, which would provoke repeated browser alerts, but at least it is something.<\/p>\n<p>Another thing you might do is tweak your home router to isolate your internal network from the outside, enabling exclusive access to only some select device functions. One more option is an intermediary device in the form of NAS storage. Even a basic IP camera comes with video surveillance software. Of course, in this case you should enable secure access as described above.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How to hide from surveillance cameras: the past and the future <a href=\"https:\/\/t.co\/nBvu6No0i7\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/nBvu6No0i7<\/a> <a href=\"http:\/\/t.co\/7BAirXhWpc\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/7BAirXhWpc<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/644872513953120256?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 18, 2015<\/a><\/p><\/blockquote>\n<h3>Every device has a webcam now<\/h3>\n<p>The above was all about IP cameras. As for webcams, you already know what to do. If it\u2019s a standalone camera, plug it into a USB port only when you need it. If it\u2019s an integrated laptop webcam, you can always put tape over the lens. Hate the look? There are special plastic cover kits.<\/p>\n<p>As for smartphones, the solution is even simpler: a tough, nontransparent case covering the rear camera, tape over the front-facing lens. And don\u2019t forget to use antivirus products on all devices.<\/p>\n<h3>What about other people\u2019s cameras?<\/h3>\n<p>One last thing. You cannot do anything about public surveillance cameras. 
Learn their locations by all means, and deliberately avoid them if you can. Doing so may look weird and might attract extra attention, though. As for\u00a0<i>semi<\/i>-public surveillance (to coin a phrase), there are a few things you can do. We are talking here about cameras deployed in\u00a0<a href=\"http:\/\/ren.tv\/novosti\/2017-01-15\/po-tu-storonu-kamery-zhitel-tveri-opublikoval-nachalo-voyny-sosedey-v-svoem\" target=\"_blank\" rel=\"noopener nofollow\">entrance hallways and staircases<\/a>\u00a0in residential buildings.<\/p>\n<p>The relevant regulations vary from country to country. In countries like Russia, for example, an entryway is considered communal property, so the installation of surveillance needs to be approved by residents and facility management. If a camera does not allow its owner to peer into private property, the installation is usually easily approved.<\/p>\n<p>That said, before you fight the installation of an entryway camera, consider that such a camera might be helpful if you need to identify criminals in case of vandalism or burglary. Criminals might even be scared off by a camera \u2014 even a fake one. But a hidden camera or secret surveillance is definitely out of bounds. Stay away from that!<\/p>\n<p>If footage of you is leaked online without your consent, you can pursue legal avenues to have it removed. However, there are nuances to consider. First, think about the\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Streisand_effect\" target=\"_blank\" rel=\"noopener nofollow\">Streisand effect<\/a>. Second, there could be legal peculiarities about pretty much everything. For example, a video from a public place containing other people besides you might not be subject to a lawsuit.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recent news about IP cameras being hacked and private footage sold unlawfully online has bestirred the Internet yet again. 
Such\u00a0headlines\u00a0are now unsurprising; however, one new case has a sensitive twist:<\/p>\n","protected":false},"author":637,"featured_media":5954,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1225,1486,9],"tags":[1006,1294,43,738,783],"class_list":{"0":"post-5953","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-threats","9":"category-tips","10":"tag-cameras","11":"tag-cctv","12":"tag-privacy","13":"tag-surveillance","14":"tag-tracking"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/webcams-hacked-again\/5953\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/webcams-hacked-again\/10846\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/webcams-hacked-again\/8436\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/webcams-hacked-again\/8960\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/webcams-hacked-again\/10119\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/webcams-hacked-again\/9858\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/webcams-hacked-again\/14179\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/webcams-hacked-again\/14119\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/webcams-hacked-again\/6747\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/webcams-hacked-again\/7172\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/webcams-hacked-again\/6280\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/webcams-hacked-again\/9816\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/webcams-hacked-again\/14637\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/webcams-hacked-again\/14179\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog
\/webcams-hacked-again\/14119\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/webcams-hacked-again\/14119\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/cameras\/","name":"cameras"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/637"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5953"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5953\/revisions"}],"predecessor-version":[{"id":6191,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5953\/revisions\/6191"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5954"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}