Shocking: Website Gives Voyeurs Spy Time on Webcams
If the hairs on the back of your neck are tickling, a stranger may be watching you through an unsecured Web camera.
For a monthly fee of $49, the website Shodan gives people access to a searchable database of camera-equipped devices — think: security cameras, laptops, baby monitors, in-home surveillance cameras — that just might be focused on you.
When editors at Vocativ searched of some of the most recently added images grabbed by Shodan’s web crawler, they found views of offices, school interiors, porches and the inside of people’s homes. What’s more freaky is that along with each image, there was also a pin on a map showing the location.
Shodan does this by scanning the Internet for devices that don’t have a password, grabbing the IP addresses and indexing them along with a screen-grabbed image.
According to J.M. Porup’s report on ArsTechnica, “the cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place.”
Shodan was first developed as a pet project in 2009 by John Matherly, who was a teenager at the time. He thought the site would give large companies easy access to their myriad devices. But then hackers and researchers got wind of it.
Up until now, the site required some knowledge of techy language and so it’s mainly stayed in the realm of cybersecurity circles and out of the reach of your average voyeur. But a new feature makes it easy for any person to use.
Dan Tentler, a security researcher told Ars Technica that he estimates millions of insecure webcams could be discovered and accessed with Shodan.