Friday, January 29, 2016

"Internet of Things" security seriously subpar





Shodan, a search engine for the Internet of Things, recently launched a new section that lets users easily browse vulnerable webcams, according to a story in Ars Technica.

The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.

"It's all over the place," he told Ars Technica UK. "Practically everything you can think of."

Ars Technica said it did a quick search and turned up some alarming results.

The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place. The image feed is available to paid Shodan members.

Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the new script takes a snap and moves on.

While the privacy implications here are obvious, Shodan’s new image feed also highlights the pathetic state of IoT security, and raises questions about what we are going to do to fix the problem.

The U.S. Federal Trade Commission may be able to help. Ars UK spoke with Maneesha Mithal, associate director of the FTC’s division of privacy and identity protection, and she was quick to mention several examples where the organization went after at-fault companies.

"The message from our enforcement actions is that companies can’t rush to get their products to market at the expense of security," she said. "If you don’t have reasonable security then that could be a violation of the FTC Act."

For more of the Ars Technica story: arstechnica.com

