Research by SecNews and iGuru identified about 780 webcams in Greek cyberspace through which anyone can watch the daily lives of thousands of Greek citizens!
Many have wondered how secure the cameras at our workplaces or in our personal spaces are, or how easy it would be for someone to gain access without their owners knowing it.
Without wishing to scare our readers, the short answer to the question is:
It is extremely easy for anyone to access and control or watch your cameras!
From time to time, cases of unauthorized webcam access that exposed the personal moments of innocent citizens have come to light, while the way Facebook founder Mark Zuckerberg protects the camera and microphone of his personal computer made an impression!
The question raised in the middle of summer within SecNews's technology and journalistic team was "How exposed are we in Greece when it comes to webcam security?"
SecNews, working with iGuru and with the aim of informing the community, conducted an in-depth, two-month journalistic investigation that mapped the entire Greek cyberspace in an effort to identify weaknesses. In the first part of our research (which we publish today) we focused on publicly exposed cameras.
The relevant information was collected and evaluated as follows:
- Initial scan of Greek cyberspace (all published IP addresses)
- Importing the data set into a database (MongoDB)
- Optimized scanning of only the addresses with active exposed webcams [specific ports, specific URLs, specific users with full rights]
- Writing automated Python code to test access to the discovered IP addresses using default access passwords
- Creating and configuring a web application to look up active ports based on the exposed user's IP address.
[Editor's Note: The database we created is updated automatically 3 times a week and is already being used for additional investigations of exposed servers and terminals, which we will publish in the future]
It is worth mentioning that the process followed (beyond the programming side of the configuration) was particularly easy and can be carried out by ANY internet user with basic network knowledge and minimal programming.
This in itself makes the findings even more important and dangerous for the community, as no specialized knowledge or hacking skills are needed to gain access to the webcams we mention, and therefore anyone with minimal knowledge can watch exposed cameras!
We are delighted that SecNews, working with the team of the friendly technology website iGuru, conducted for the first time a pan-Hellenic independent insecurity detection research (the first and only one that has been done in Greece on a massive scale, accurately and at such a level).
All of the findings raised particular concern among the SecNews researchers who organized the research. The most alarming fact is that the overwhelming majority (96%) of camera owners are unaware that they are exposed or that anyone can monitor their stores or companies. Specifically:
- All of the findings concern incorrectly configured webcams.
- A large part of the research identified incorrectly configured AVTECH cameras. This is not due to a failure of the camera itself, but to installers who did not change the default access passwords.
- Installers or companies that installed the closed-circuit systems, and that carry COMPLETE LIABILITY, left online access enabled AND with the default admin / admin credentials. Certainly, accountability will have to be sought from the owners of these devices.
- Therefore, anyone who knows the IP address, the port and the admin / admin credentials has full access to the closed-circuit TV system, with the ability to change settings and even to change where a PTZ camera is pointing!
- Additionally, as we have seen, in many cases the cameras are placed over stores, hotels or employees in such a position that it is possible to watch PIN codes being entered, and even passwords for business e-mail or corporate applications.
You can see a sample below:
The Greek Webcam Exposed
It would be irresponsible to publish the complete list of webcams with the IP addresses we have at our disposal. If we had chosen to publish the IP addresses, there was a risk that malicious users would use them, without the camera owners knowing, for a variety of purposes, including monitoring citizens. After meetings with the SecNews technology team, we chose to publish through a custom-made application.
In practice, this means that anyone who wishes can enter their own IP address (shown at the top of the web application) or another IP address and find out whether it is exposed, in order to fix it promptly or notify the appropriate party.
Certainly, owners of AVTECH cameras would do best to contact their installers immediately and look up their IP address in our application so that the cameras can be configured properly.
We advise you to share the link https://secnews.gr/check-camera/ with your friends and acquaintances so that they can check their exposure to the risk directly.
Similar mass searches and investigations by SecNews, covering not only webcams but also other weaknesses in servers and networking devices that may lead to interception or leaks, will continue in order to inform and protect the community and Greek citizens.
We thank the iGuru team for their technical participation and support in conducting the research.