Webcam search engine raises privacy concerns for connected devices

TORONTO -- A young child asleep on a couch in Israel. Mourners huddled together at a small funeral in Brazil.

See Full Article

An elderly woman stretching in a fitness centre in Poland. All available for anyone to watch via the unsecured webcams overhead.

This isn't "1984," it's the world in 2016. Shodan, a search engine that indexes computers and devices rather than information, now allows users to pull screenshots from nanny cams, security cameras and other connected devices around the world that don't ask for a username or password.

Those screenshots are connected to an IP address, a unique identifier for each Internet connection or device that can be traced back to a general geographic area.

Anne Cavoukian, former Ontario privacy commissioner and now the executive director of the Privacy and Big Data Institute at Ryerson University, said she was appalled when she saw the Shodan webcam search in action.

Yet, she said, it's only a symptom of the wider problem with the so-called Internet of Things, where many webcams and other connected devices such as wearables, TVs and thermostats ship with a low level of security -- and some with none at all.

"It allows people to steal glimpses of personal spaces in people's homes, places of work, or inside a hospital -- our most private spaces," she said.

Emails sent to Shodan's general inbox requesting comment were not answered.

Cavoukian is among those spurring the development of the privacy-by-design approach, urging software companies and manufacturers to build privacy protections into their products from the get-go.

She said it's not enough for companies to give consumers the option to turn on security and privacy measures, because many customers don't have the time or the know-how to dig through the options of every device they own.

And the responsibility of companies to secure their products has never been more urgent, she said, as computers and networks are increasingly invading the home in cars, refrigerators, wearable devices and even baby monitors.

"The minute someone outside has eyes through these webcams into these networks, they're going to see and know everything," she said.

Abhay Raman, a cyber security expert at EY, said some companies cut corners on security in order to make things cheaper for the customer and make it easier for different devices to communicate.

"Designing specifically for various security levels gets more complicated, more involved, with more testing," he said. "Programmers take the easy route in enabling as many features as you can."

Companies, especially those bringing new technology to the market, should offer their customers a privacy nutrition label, Raman said, listing what their device or app does, what it's accessing and why it needs to do so.

"We're going to learn these things as we evolve, but I think it's incumbent on the vendors to provide enough information to help the user make a decision," he said.

Larger companies such as Microsoft, Apple and Facebook have worked to build privacy features such as two-factor authentication into their offerings, he said, yet the bottom line is still a driver for some companies to skimp on security.

Stephen Cobb, a senior researcher at IT security company ESET, said public awareness of security and privacy of connected devices jumped after the well-publicized hack of a Jeep Cherokee in 2015 in which two security researchers demonstrated they could remotely control the vehicle.

That vulnerability was fixed by Fiat Chrysler America after a 1.4 million-vehicle recall, but Cobb said it was inevitable that more security issues will come to the fore as more devices are connected to the Internet.

What's worse, he said, is that while auto companies have procedures in place to contact customers and deal with defective products, digital equipment manufacturers often have no idea who is buying and using their products.

"Most people haven't ever updated their router or updated the firmware on their webcam," he said.



Advertisements

Latest Tech & Science News

  • How artificial intelligence is taking on ransomware

    Tech & Science CTV News
    NEW YORK -- Twice in the space of six weeks, the world has suffered major attacks of ransomware -- malicious software that locks up photos and other files stored on your computer, then demands money to release them. Source
  • Petya vaccine is a ransomware fix, but 'not a silver bullet'

    Tech & Science CTV News
    A defence has been found against the so-called Petya virus attempting to cripple Microsoft Windows-based networks across the globe, although experts say it must be applied to each computer individually and will not kill the bug altogether. Source
  • Carcass of right whale being towed to P.E.I. to determine cause of death

    Tech & Science CTV News
    NORWAY, P.E.I. - The Canadian Coast Guard and Fisheries and Oceans hope to beach a dead right whale on a Prince Edward Island shore today in an effort to learn what has killed at least six of the endangered mammals in recent weeks. Source
  • Canada's top court backs order for Google to remove firm's website from global searches

    Tech & Science CBC News
    The Supreme Court of Canada has upheld a B.C. court ruling that ordered Google to remove the website of a company from its global search results. "The appeal is dismissed and the worldwide interlocutory injunction against Google is upheld," wrote the court in its decision issued Wednesday morning. Source
  • New made-in-China navy destroyer launches in Shanghai

    Tech & Science CTV News
    BEIJING -- China's increasingly powerful navy launched its most advanced domestically produced destroyer on Wednesday, at a time of rising competition with other naval powers such as the United States, Japan and India. The first 10,000-ton Type 055 entered the water at Shanghai's Jiangnan Shipyard on Wednesday morning, the navy said in a statement. Source
  • Increasingly wild weather could lead to rising air travel costs

    Tech & Science CBC News
    Be prepared to pay more for airfare if climate change continues to alter weather patterns, increasing the frequency and severity of storms, say climate change and airline industry experts. Daniel Scott, a climate professor at the University of Waterloo in Ontario, said travellers should also expect more flight delays and cancellations amid recurring snowstorms, thunderstorms and bouts of freezing rain. Source
  • Cambodian conservationists find rare cache of crocodile eggs

    Tech & Science CTV News
    PHNOM PENH, Cambodia - Wildlife researchers in Cambodia say they've found a clutch of eggs from one of the world's most endangered crocodiles, raising hopes of its continuing survival in the wild. The New York-based Wildlife Conservation Society said Wednesday that its researchers, along with Fisheries Administration employees and local residents, had found six eggs of the Siamese Crocodile in the southern province of Koh Kong as they were exploring for tracks, signs and dung of the…
  • Found in Cambodia: Clutch of eggs from one of the world's most endangered crocodiles

    Tech & Science CTV News
    PHNOM PENH, Cambodia -- Wildlife researchers in Cambodia say they've found a clutch of eggs from one of the world's most endangered crocodiles, raising hopes of its continuing survival in the wild. The New York-based Wildlife Conservation Society said in a statement Wednesday that its researchers, along with Fisheries Administration employees and local residents, found six eggs of the Siamese Crocodile in Sre Ambel District in the southern province of Koh Kong as they were exploring for tracks,…
  • New, highly hostile strain of ransomware cripple networks worldwide

    Tech & Science CTV News
    PARIS -- A new, highly virulent strain of malicious software that is crippling computers globally appears to have been sown in Ukraine, where it badly hobbled much of the government and private sector on the eve of a holiday celebrating a post-Soviet constitution. Source
  • New, highly hostile strain of ransomware cripples networks worldwide

    Tech & Science CTV News
    PARIS -- A new, highly virulent strain of malicious software that is crippling computers globally appears to have been sown in Ukraine, where it badly hobbled much of the government and private sector on the eve of a holiday celebrating a post-Soviet constitution. Source