IP cameras are affordable and ubiquitous. You can conveniently monitor your home from almost anywhere. However, hundreds of IP cameras are unmaintained and vulnerable to attackers. In the worst case, exposed IP cameras can be misused to locate your physical address.
In this article, we show how attackers may locate your camera’s physical location and provide tips on securing your device.
In another article, we describe the risks that come with unmaintained IP cameras.
Querying search engines like censys.io for IPv4 addresses tagged with “camera” in the Czech Republic revealed more than 2,000 devices in September 2021. Apart from these search engines, thousands of bots scan the internet every minute.
Attackers will likely find your IP camera on the internet if there are no protective measures in place, resulting in obvious risks:
- Attackers may manipulate or disable your IP camera.
- Attackers may misuse your vulnerable IP camera as the access point to your home network, and attack other devices that aren’t connected to the internet.
- Attackers may observe your daily routines and record you.
- Attackers may conduct social engineering by misusing this information.
Attackers can try to pinpoint your home by using the live stream of your camera. We show two examples below.
Two examples of pinpointing cameras
It may be easy to physically locate cameras, given their live image and approximate location based on their IP address. Let’s have a look at two publicly accessible live streams showing public areas.
Example 1: Camera somewhere in Prague, Czech Republic
The following camera is located somewhere in Prague, Czech Republic, according to its IPv4 address. Prague is home to more than 1.3 million people and has an urban area of 298 km².
First, we look for prominent features in the picture: You see tram tracks, special patterns on the sidewalk, and a park on the other side of the street.
We can see passing trams if we wait for several minutes. Only seven cities in the Czech Republic operate trams, and each of the seven operators uses its own designs and colors for its trams, so we can quickly verify that this stream is in Prague.
By looking at the passing trams, we see that lines 3 and 8 pass this camera. These lines limit the camera’s possible location to a 3 km long part of Sokolovská street in Karlín, Prague. There is only one location with a park on the other side of the street, shown in the following picture.
Using the “panorama” feature of mapy.cz reveals the camera’s physical location, as shown below:
Locating this camera took about five minutes. Even worse, there are two additional IP cameras accessible via the same IP address but other ports. Another camera is on the front facade and one camera is in the building’s entrance hall, filming all residents and visitors of the building.
Example 2: Camera somewhere in the Czech Republic
Another camera is located somewhere in the Czech Republic, according to its IP address. The approximate location of the IP address is Prague again. However, looking at the camera’s stream, the small houses don’t look like anything near Prague.
In the upper left corner, the stream shows “Zdirec n.D.” This label points to the city of “Ždírec nad Doubravou” in the Czech Republic. A prominent feature in the picture is a small park surrounded by apartment blocks.
Ždírec nad Doubravou is a town in the Vysočina Region that lies between Pardubice and Jihlava. It has a population of 3,120. The aerial map of the town reveals one possible location: a park in the northern part of the town.
We switch to the “panorama” feature of mapy.cz to digitally stand in front of the house with the camera.
Locating this camera was easy again.
Attackers may be in full control
The two examples above show how attackers can quickly pinpoint the physical location of cameras. They can learn about the camera’s manufacturer, model, configuration, and much more.
Attackers may be able to:
- Rotate your camera to look around.
- Start audio recording for eavesdropping.
- Connect to your WiFi by using the WiFi password disclosed by the camera.
- Hack other devices within your WiFi network.
- Disable recording entirely.
- Format your storage cards to delete all recordings.
- Delete log files to erase any traces.
Secure your camera
Consider the following to secure your cameras and similar IoT devices:
- Look for security support before buying a new camera (e.g., does the manufacturer provide security updates? Are there any negative reports regarding the cyber security of this camera?).
- Change the default credentials of your camera, including usernames and passwords. Manuals may include the default credentials, allowing attackers to log in easily.
- Update your camera’s firmware frequently. Do not forget your device. It runs software like any other computer. Unpatched security vulnerabilities might be exploited to bypass strong credentials.
- Harden your device by enabling HTTPS and disabling unused or dangerous features like port forwarding and UPnP.
- Use WPA3-SAE to protect your wireless network traffic. If WPA3-SAE isn’t available, use WPA2-PSK-CCMP (sometimes called WPA2-AES).
- Shut down your camera if you don’t need it.
- Regularly check your camera’s log files for anomalies, such as configuration changes, failed login attempts, and restarts.
- Regularly recheck your camera’s settings.
- If you are tech-savvy and own appropriate hardware, set up a dedicated VLAN for your camera and configure strict firewall rules. If deployed correctly, this prevents attackers from reaching other devices on your network.
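The log check recommended in the list above, as an added example that is not part of the original article: a small Python script that flags failed-login bursts, successful logins from outside the home network, configuration changes, and restarts. The log format, the `HOME_NET` range, and the threshold are assumptions; real cameras use vendor-specific formats, so the regular expressions need adapting.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the camera VLAN / home LAN; any other source counts as external.
HOME_NET = ipaddress.ip_network("192.168.20.0/24")
FAILED_LOGIN_THRESHOLD = 3  # failures per source address before it is flagged

# Constructed sample in an assumed "<date> <time> <facility>: <message>" format.
SAMPLE_LOG = """\
2021-09-14 02:11:07 auth: login failed user=admin src=203.0.113.45
2021-09-14 02:11:09 auth: login failed user=admin src=203.0.113.45
2021-09-14 02:11:12 auth: login failed user=admin src=203.0.113.45
2021-09-14 02:12:30 auth: login ok user=admin src=203.0.113.45
2021-09-14 02:13:02 config: changed key=recording.enabled by=admin
2021-09-14 02:14:10 system: restart reason=user
2021-09-14 08:00:00 auth: login failed user=owner src=192.168.20.5
2021-09-14 08:00:05 auth: login ok user=owner src=192.168.20.5
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\w+): (.*)$")
LOGIN_RE = re.compile(r"^login (failed|ok) user=(\S+) src=(\S+)$")

def find_anomalies(log_text):
    """Return a list of (timestamp, kind, detail) findings, in log order."""
    findings, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, facility, msg = m.groups()
        login = LOGIN_RE.match(msg) if facility == "auth" else None
        if login:
            result, user, src = login.groups()
            external = ipaddress.ip_address(src) not in HOME_NET
            if result == "failed":
                failures[src] += 1
                if failures[src] == FAILED_LOGIN_THRESHOLD:  # report once
                    findings.append((ts, "failed-login-burst", src))
            elif external:  # successful login from outside the home network
                findings.append((ts, "external-login", f"{user} from {src}"))
        elif facility == "config" and msg.startswith("changed"):
            findings.append((ts, "config-change", msg))
        elif facility == "system" and msg.startswith("restart"):
            findings.append((ts, "restart", msg))
    return findings

if __name__ == "__main__":
    print(*find_anomalies(SAMPLE_LOG), sep="\n")
```

A single mistyped password from inside the home network stays below the threshold and is not reported, while the external source is flagged for both the burst and the login that followed it.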
Your IP camera is another computer running on your home network. Never assume that your camera is 100% secure and hidden from attackers. Carefully check its settings, harden its configuration, and monitor your device.
We republished this article in September 2021.