Basic webcam security
If you own a webcam, you might or might not intend for it to be publicly available. Whether you do or you don’t, there are some basic issues of security.
First of all, we’re talking about webcams that have their own IP and/or URL. The camera in your computer or phone is a different issue. Somebody would need to illegally hack it in order to get access to it. That’s not the subject here. Rather, most stand-alone webcams are meant to be accessible in some fashion over a network. The question is just for who.
An IP webcam will have its own IP number. It is often easy to install, sometimes as simple as connecting it to your network somehow, by an ethernet cable or by wifi. If you’re a typical internet user, you have a local network behind a DSL or cable router of some kind. You usually have one external IP address, possibly permanent, possibly not. Inside the network the router creates a range of fake IP numbers, usually a block of 256. They most commonly look like 192.168.0.1…254. There are some address ranges like that which never will be used for real out on the internet, and which therefore are useful as local only addresses. It allows you to attach many devices to your network, even though you in principle only have one real IP address. The good thing about that is that your local network is quite protected from the internet. One can not just access one of your local computers or webcams over the internet. You would have to specifically configure your router to pass the connection through. Usually one configures a “port” on the main IP to go to one of the local IPs. That’s called “port forwarding”. If your external IP was 1.2.3.4, you might route 1.2.3.4:8102 to 192.168.0.5:80. 8102 is just some random number. That means that if somebody on the net accessed http://1.2.3.4:8102 in their web browser, they would be sent to the standard web server port (80) on the device that has the IP 192.168.0.5 on your local network. And if that device has some kind of web server software that answers, suddenly that computer is accessible over the net. If it were a regular computer it could serve up web pages, and if it is an IP webcam, it might serve up video or still pictures from your cam. Which is great if that’s what you want.
If you just wanted to be able to look in on your tomatoes from the office, you might now have what you want. But if you haven’t otherwise secured the webcam, you have also allowed other people to do the same. It is somewhat hard for anybody to guess both your IP number and the port, but it could happen. Or if for some reason you’ve posted the address somewhere, for example in a forum, to allow a few friends to see your tomatoes growing, you might have ended up getting it listed in search engines, and all sorts of people might be able to see it. Which, again, is not much of a problem if you’re fine with that. It is just tomatoes, after all. But if it is your kid’s room, you’d probably not want that at all.
Almost all webcams with a web interface will allow you to set a username password for access to the video stream. I.e. one can only see it if one knows the right username and password. There can be other ways of securing it, like configuring that only people at certain IP numbers can get in. For example, you might make it so that you can see the video from your office without logging in, but nobody else can.
Most IP cams will at first not have any protection against viewing, if you haven’t yet set up username/password. Out of the box it is wide open.
A webcam also has an admin interface. That’s where you can configure various things, like its IP number, what type of network it accesses, and its username/password. Note that the admin interface itself has a username/password, which are different from the video stream’s possible username/password. Even if your video stream is public, your admin interface should never be. And you shouldn’t leave it at the factory setting either. Very often it will be something like literally “admin” and “password”. Very easy to guess, and easy for somebody to look up if they also have the manual for the same brand of camera. So change that right away.
So, to summarize:
- If you really, really don’t want your webcam visible over the internet, don’t put it on the internet at all
- Always change the admin password right away when you install the cam
- If you don’t want strangers seeing your webcam stream, put a username/password access on it
Hacking is a much more remote possibility. Start by doing the obvious stuff of configuring your system correctly.
July 11, 2014 at 1:15 pm | Security | No comment