Internet Protocol (IP) cameras, available from around £70, plug into a corporate computer network or a domestic broadband system and can transmit live footage or individual images across the internet.
The internet has changed the way that security surveillance cameras are being deployed in offices, nurseries, schools, factories, shops and hospitals.
However, few who install IP surveillance cameras seem to be aware of the need to configure the cameras’ security settings correctly. Consequently, the live security camera output is visible to the world at large. By using an internet search engine such as Google, computer users can locate and view hundreds of unprotected cameras, it is claimed.
The problem is being highlighted by Robert Schifreen, IT security consultant and most recently author of the book Defeating The Hacker (published by Wiley, 2006). He has christened those who surf the web in search of unprotected private surveillance cameras "video hams", as a successor to the radio amateurs of old.
IP cameras are widely available through traditional and online retailers. Wi-fi versions are also available, which can be installed anywhere in just a few minutes even if no network socket is available. Many even have PTZ features, whereby the camera can be panned, tilted and zoomed remotely so that the operator can focus on a person or activity of particular interest.
"Allowing your company’s surveillance system to be visible over the internet is just asking for trouble", says Schifreen. "There are serious privacy issues in allowing the general public to watch your staff going about their work behind closed office doors. Allowing your competitors to see how your company operates is madness. And unfettered access to PTZ facilities makes it simple for a thief or shoplifter to divert a camera away from where he intends to strike."
"We’re not talking about hobby webcams here, which were always intended to be viewable by the general public," adds Schifreen. "The systems being targeted by video hams are private surveillance cameras. All of which come with security facilities such as password protection built in, if only the purchasers were aware of them."
Schifreen suggests that anyone buying an IP camera for surveillance follows three rules:
1) Enable the camera’s in-built password protection, rather than allowing the pictures to be streamed to anyone who knows how to use a search engine.
2) If you really need the camera to be accessible over the internet rather than within the confines of your company’s internal network (LAN), configure your firewall so that the camera can only be accessed from specific locations or workstations.
3) Once you’ve set up the firewall option, test it by attempting to connect from a prohibited location.
For pictures taken from poorly protected IP surveillance cameras, visit www.defeatingthehacker.com/videoham
