Seems like connecting to video cameras on the Internet has been a thing to do for about a decade now. The classic example was to use a search engine to identify the cameras by their URL:
The next phase was to fingerprint the more network-aware cameras with FTP and web servers to take them over with exploits, stolen credentials or different forms of management software.
The basic story was so common that by 2006 even FOX news ran a story on “hacking” cameras (700K views):
The word hacking is usually a stretch, since you are just connecting to something without any security, but eventually came some interesting reverse attacks on cameras, fooling the camera controller with a bogus stream or device to steal credentials.
Now I see a story from the New York Times that confirms video conference systems still are being setup without authentication.
Strangely, however, the NYT mentions nothing of the long history and background to the problem. The NYT story then gets echoed as if this issue was only just discovered. Is anyone really surprised that cameras are still exposed in 2012?
Simply put, customers do not demand that vendors ship the product in a safe-mode. Vendors do not change because they say customers want easy, not secure. Some might see this as yet another “hot coffee” moment waiting to happen.
Perhaps we can hope a NYT version of the story will have some effect on market tolerance for silent yet weak defaults. The story probably will have more effect than years of warnings in forum discussions and local news videos. But until then, more cameras will be connected to the network while the ability to find, index and connect to them will stay trivial.
in order to keep the camera from getting hacked, there are some basics that should be done. for example, even the first thing that a lot of people don’t pay attention to is to change the default passwords.