It's an undeniable fact of modern life: any Internet connection can be hacked. Therefore, anything you wirelessly and remotely control over the Internet is vulnerable to hackers, everything from smart meters to computers and smart TVs(with their microphone and camera attachments) and your wireless home-security and baby monitor setups (ditto).
There's no reliable way of knowing exactly how many such networks have already been hacked, though you'll see the occasional warning story in the news. Last April, for example, a family discovered that a hacker had hijacked their baby monitor and used it to spy on their infant daughter – but they only discovered this after the hacker announced his presence by screaming obscenties at the baby in the middle of the night.
So anything with an IP (Internet protocol) camera has the potential for hackability — yet there's no need to make things too easy for the hackers. Anytime you purchase a new password-protected device, you need to actually assign it a password rather than stick with the standard default password that comes installed on such devices.
Too obvious
Such advice almost sounds too obvious to mention, yet on Halloween, Vice's Motherboard tech blog reported its discovery of an unnamed website dedicated to streaming camera footage from unprotected personal IP cameras.
Last week, I sat at my computer and watched a young man from Hong Kong relaxing on his laptop; an Israeli woman tidying the changing room in a clothes store; and an elderly woman in the UK watching TV.
All of these people were completely unaware that I was spying on them, thousands of miles away, through devices that were inadvertently broadcasting their private lives on the internet. … This particular website exposes IP cameras. These are external devices typically bought to keep an eye on valuables, act as a baby monitor, or make up a home or business security system. Some of these devices come with a default password that many users do not change, which is how this site is able to access them.
For those who know how, it's quite easy to write software that automatically searches for IP camera feeds (or anything else) set with default passwords. Consider how many password-protected remote-wireless devices might be found in a typical modern home: a wi-fi router, wireless modem, perhaps a baby monitor or home security-camera system, remote-controlled HVAC systems, smart TVs and even smart smoke and fire alarms, all in addition to your everyday communication devices.
All of those password-controlled items came with default password settings — and if you haven't changed the passwords on your devices, anyone who knows the default password can easily take control of them.
Also remember, as always, to give each device a unique password all its own; avoid using the same password across multiple devices, so if someone manages to steal the password to one of your accounts or devices, he won't be able to access any more of them.
The unnamed voyeurism site claims to be engaged in a form of white-hat hacking: discovering and pointing out security flaws so they can be fixed before any “bad guys” can use those flaws for bad ends. That said, the idea of exposing live feeds into people's homes is the sort of bad end white-hat hackers traditionally help people avoid.