Website spies on thousands of people to shed light on security flaw
Insecam, which says it wants "to show the importance of the security settings," is broadcasting live feeds of thousands of people who didn't reset their security camera's pre-programmed password.
Here's something you probably already know: using a default password isn't at all secure.
Even so, well-known security camera companies like Foscam, Linksys and Panasonic pre-program simple logins for their users during the initial setup and leave it up to them to reset their passwords later -- or not.
And whether consumers forget or simply fall into "password fatigue" (which refers to the dread one feels when having to once again come up with a unique, complex alphanumeric code), many people continue to rely on "admin" or "1234" as the single line of defense between their security camera feeds and hackers.
Insecam, a site which says its mission is "to show the importance of the security settings," is taking itself very literally by broadcasting the live feed of every absentminded/password fatigue victim in the world on its site -- except, of course, there's no indication that they've actually told any of these people that they're doing this.
The result is the creepy and potentially dangerous reality of security camera security. Insecam is streaming over 11,000 cameras in the US, nearly 2,500 in the UK, six in Tanzania and others everywhere in between, including offering latitude and longitude markers and a helpful link to Google Maps. There's footage of people hanging out in living rooms, kids sleeping in their beds, garages, neighborhoods, businesses and more.
Foscam COO Chase Rhymes told Motherboard that it has updated its security protocols so users must immediately pick a new login. The Foscam Plug and Play Wireless IP Camera FI9826P I tested recently did, in fact, force me to update my password right away.
Other companies, such as Dropcam and Samsung , make you register with your own username and password up front. Still, there are thousands of people relying on a default password. Fortunately, a quick password change is all it should take to get your video feed off the Web.