It’s Christmas time, and there may be an IP camera for you underneath the Christmas tree. Besides unpacking it and connecting it to your WLAN, you should also check its configuration and ensure that unwanted third parties can’t access it.
In this article, we show you how attackers can quickly locate your camera’s physical location and provide tips on how you can secure your device.
Back in May, we already showed the risks that come along with IP cameras. We won’t repeat everything from that article, but give you two examples of how attackers locate your home.
As of now, querying censys.io for IPv4 addresses tagged with “camera” in the Czech Republic (location.country_code: CZ AND tags: camera) reveals 718 cameras. In total, censys.io lists nearly 78,000 cameras. Of course, censys.io is only one search engine to find publicly accessible IP cameras. There are likely many more IP cameras showing private areas like living rooms, bedrooms, or front yards.
In summary, attackers will likely find your IP camera if there are no protective measures in place. There are obvious risks of publicly available live streams:
- Attackers can use this information to observe your daily routines.
- Attackers can use their knowledge for social engineering.
- Attackers try to use default credentials to log into your camera and learn about your home network.
Moreover, attackers can try to pinpoint your home using the live stream of your camera. We will show you two examples below.
Two examples of pinpointing cameras
It’s easy to physically locate most cameras given their live image and approximate location based on their IP address. Let’s have a look at two publicly accessible live streams that show public areas.
Example 1: Camera somewhere in Prague, Czech Republic
According to its IP address, the following camera is located somewhere in Prague, Czech Republic. Prague is home to about 1.3 million people and has an urban area of 298 km². Prominent features in the picture are tram tracks, the sidewalk patterns, and the park on the other side of the street.
Of course, an IP address pointing to Prague doesn’t mean that this camera is located in Prague. However, there are only seven cities in the Czech Republic that operate trams. Every city has its own design and colors for trams. An observer only has to wait several minutes until the next tram passes. The tram design clearly points to Prague.
Furthermore, an observer sees the tram lines 3 and 8. The lines limit the camera’s possible location to a 3 km long part of Sokolovská street in Karlín, Prague. There is only one location with a park on the other side of the street, shown in the following picture.
Using the “panorama” feature of mapy.cz finally reveals the camera’s physical location, as shown below:
Locating this camera took about 5 minutes. Moreover, there are two additional live streams accessible via the IP address. There is another camera on the front facade and one camera in the building’s entrance hall, filming all residents and visitors.
Example 2: Camera somewhere in the Czech Republic
Another camera is located somewhere in the Czech Republic, according to its IP address. The approximate location of the IP address is also Prague. However, judging by the small size of the houses in the picture, the real area can’t be Prague.
In the upper left corner, the stream shows “Zdirec n.D.” This label points to the city of “Ždírec nad Doubravou” in the Czech Republic. A prominent feature in the picture is a small park surrounded by apartment blocks.
Ždírec nad Doubravou is a town in the Vysočina Region that lies between Pardubice and Jihlava and has a population of 3,120. Looking at the aerial map of the town reveals only one possible location: a park in the Northern part of the town.
Finally, we switch to the “panorama” feature of mapy.cz to digitally stand in front of the house with the camera.
Sometimes, attackers are in full control
The two examples above show how attackers can quickly pinpoint the physical locations of cameras. Besides, they can learn about the camera manufacturer, model, configuration, and much more. We discussed other examples in our article about metadata in image files.
Sometimes, attackers can:
- Rotate your camera to look around.
- Start audio recording for eavesdropping.
- Connect to your WLAN by using the password disclosed by the camera.
- Hack other devices within your WLAN.
- Disable recording altogether.
- Format your storage cards.
- Delete log files to erase all traces.
Don’t let attackers in your home!
Secure your camera
We provide some tips to secure your camera:
- Don’t buy cheap cameras that don’t have any security features (hopefully, you didn’t get a cheap camera for Christmas).
- Change default usernames and passwords.
- Enable HTTPS, if available.
- Update your camera’s firmware.
- Disable port forwarding and UPnP.
- Use WPA2-PSK-CCMP (sometimes called WPA2-AES) only.
- Turn off your camera when you don’t need it.
- Regularly check its log files.
- Use network segmentation, if available (e.g., by connecting your IP camera to your guest network only).
- Regularly check its settings and change passwords.
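To verify the port forwarding and UPnP tip above, you can run the following small check against your own public IP address from outside your home network (for example, via a mobile hotspot). This is an added example, not part of the original article; the port list is an assumption based on ports that IP cameras commonly use, so adjust it to your model’s manual.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Assumption: ports commonly used by IP cameras; adjust to your model.
CAMERA_PORTS = {80: "HTTP web interface", 443: "HTTPS web interface",
                554: "RTSP video stream", 8080: "alternate HTTP"}
UNENCRYPTED = {80, 554, 8080}

def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def exposed_services(host, ports=CAMERA_PORTS, timeout=2.0):
    """Return {port: description} for every port that accepts connections."""
    with ThreadPoolExecutor(max_workers=max(1, len(ports))) as pool:
        results = pool.map(lambda p: is_open(host, p, timeout), ports)
        return {p: ports[p] for p, ok in zip(ports, results) if ok}

def report(host, found):
    """Build a human-readable summary of the reachable ports."""
    if not found:
        return f"{host}: none of the checked ports are reachable"
    lines = [f"{host}: reachable from this network:"]
    for port, desc in sorted(found.items()):
        hint = " (unencrypted)" if port in UNENCRYPTED else ""
        lines.append(f"  tcp/{port} {desc}{hint}")
    lines.append("If you ran this from outside your home network, "
                 "disable port forwarding and UPnP on your router.")
    return "\n".join(lines)

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(report(sys.argv[1], exposed_services(sys.argv[1])))
    else:
        print("usage: check_camera.py <your-own-public-ip>")
```

Running it from inside your WLAN against the camera’s local address only tells you which services the camera offers; the check from outside is the one that shows whether strangers can reach them.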
Finally, always remember that no device on earth is or will ever be 100% secure. Regularly check news feeds to learn about disclosed security vulnerabilities that may affect the security of your camera.
Keep in mind that IP cameras are just another IP device in your home network. Some of them are publicly accessible while their owners never learn about this. Talk about this problem with people who own cameras and help to secure cameras, if possible.
Thank you, and Merry Christmas 2018!