Shodan implements a feature to browse vulnerable webcams, including the one that is monitoring your kids while sleeping.
The explosion of the paradigm of the Internet of things has dramatically enlarged our surface of attack, it is quite easy to locate vulnerable devices and hack them by using search engines like Shodan and Censys.
Both platforms allow finding specific types of Internet-connected devices (routers, servers, hard drives, webcams, etc.), they represent a privileged instrument for IT professionals, hackers and obviously also crooks.
One of these search engines, Shodan, has now created a new dedicated section for vulnerable webcams, the news was first reported by Ars Technica.
“Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.” states the post published by Ars. “The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.”
The webcams are everywhere and are used for several purposes, including the monitoring of kids sleeping.
Webcams are becoming even more, popular, this means that threat actors in the wild can easily hack them and access kitchens, garages, swimming pools, colleges and schools, and cash register cameras in retail stores.
Recently I posted about an intriguing experiment dubbed @FFD8FFDB, the researcher behind it developed a Twitter bot that spies on poorly configured cameras tweeting the images captured by the connected devices.
The Shodan search engine crawls the Internet searching for webcams, this is possible looking IP addresses with open ports that lacks authentication and streams a video. When Shodan locates an open webcam it also takes a picture of the surrounding environment, the operation is quite simple by exploiting the Real Time Streaming Protocol (RTSP, port 554) poorly implemented by the webcams to share video, that lack of authentication mechanism.
While free Shodan accounts are only able to search webcams using the filter port:554 has_screenshot:true (be aware you need to be logged in with a free account to view results).
Shodan Payment accounts offer the access to the image feed through the images.shodan.io feature.
Administrators need to carefully configure their system before exposing them on the Internet, for example by protecting them with a form of authentication.
Be careful, threat actors can violate your privacy easily!
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.