15,000 Webcams Exposed Online; Major Manufacturers

A security researcher has discovered that 15,000 private webcams around the globe are exposed and accessible by anyone with an internet connection. They appear to have been installed by both home users and businesses in multiple countries across Europe, the Americas and Asia.

They include devices from major manufacturers: AXIS net cameras; Cisco Linksys webcam; IP Camera Logo Server; IP WebCam; IQ Invision web camera; Mega-Pixel IP Camera; Mobotix; WebCamXP 5 and Yawcam.

More info here: https://www.infosecurity-magazine.com/news/webcam-security-snafus-expose/

Experts Comments

September 18, 2019
Jonathan Knudsen
Senior Security Strategist
Synopsys
Security is a shared responsibility between vendors and consumers. Vendors are responsible for minimising vulnerabilities in the design and implementation of their products. Consumers are responsible for deploying products in configurations that meet their own goals. It is unlikely that all 15,000 webcams were purposely exposed to the internet with no security controls in place. More likely is that consumers did not understand the implications when they set up these cameras. To some degree, consumers bear the responsibility of understanding the products they use, and understanding how they are configured and deployed. On the other hand, networking concepts and configuration are difficult and likely to be beyond the understanding of many consumers. As a consequence, vendors bear the responsibility to ship secure-by-default devices, with clear documentation about the consequences of potentially risky configurations. In any case, building and using products with only functionality in mind is no longer viable. Security must be baked in to the products themselves. Security must dictate how products are presented to consumers. Additionally, security must be understood and considered when products are deployed by consumers.
September 17, 2019
Hubert Da Costa
Senior Vice President and GM EMEA & APAC
Cybera
As this latest incident shows, the vast numbers of end user devices, IoT, workforce mobility and multi-cloud technologies that define and advance digital transformation have an unfortunate downside of increasing the probability of data exposure and potential attack vectors to businesses. It is especially troublesome for those who may lack technical expertise, as this makes them susceptible to the many cyber threats and security risks that this new IT infrastructure can introduce. The good news is that securing these deployments doesn't have to be complex - a solution to overcome them is not far behind. In this instance, secure Software Defined WAN (SD-WAN) for the network edge is the answer.
September 17, 2019
Stephen Gailey
Head of Solutions Architecture
Exabeam
Modern software development techniques are a rich source of future security bugs. Programmers nowadays are no longer scientists; they are fitters – assembling third-party libraries, components and tools to create a desired application. They are doing this without a clear understanding of the underlying principles of how these libraries work at a fundamental level. Any failure in one of these software components, any lack of understanding in how to assemble them – or even in how they interact with the rest of the Internet – is likely to lead to a significant future vulnerability. As in this case, even a simple operational error could leak users' data. This is sensitive personal data. There is the risk, for example, that pictures of children could have been sent out to the wrong users. Unless the organisation has good data monitoring, they may never know for certain. The Internet of Things – or IoT – is exploding in popularity. As people continue to connect their household devices to the Internet, you can expect to see more of this sort of privacy breach, particularly as organisations lacking the skills or experience to build such products leap onto the IoT bandwagon.
September 17, 2019
Jan Van Vliet
VP and GM EMEA
Digital Guardian
End users owe it to themselves to be diligent above and beyond simply securing the devices in question; they need to consider the fact that the networks – whether they are small office or home networks or enterprises – require diligence and observance from a security perspective. It is foolish to assume that just because we purchase an IP-enabled device and add it to our environments that the device in question is secure or that our networks are secured to the point of mitigating unwanted/unauthorized bi-directional communication and control. Manufacturers and vendors have a growing responsibility, especially in the IoT space, with respect to their technology and how it will be applied in environments, which are diverse. Ideally, all devices should be assessed for risk at the manufacturer and then again by those who are responsible for selling/implementing them in enterprises.
