Webcam search engine raises privacy concerns for connected devices

TORONTO -- A young child asleep on a couch in Israel. Mourners huddled together at a small funeral in Brazil.

See Full Article

An elderly woman stretching in a fitness centre in Poland. All available for anyone to watch via the unsecured webcams overhead.

This isn't "1984," it's the world in 2016. Shodan, a search engine that indexes computers and devices rather than information, now allows users to pull screenshots from nanny cams, security cameras and other connected devices around the world that don't ask for a username or password.

Those screenshots are connected to an IP address, a unique identifier for each Internet connection or device that can be traced back to a general geographic area.

Anne Cavoukian, former Ontario privacy commissioner and now the executive director of the Privacy and Big Data Institute at Ryerson University, said she was appalled when she saw the Shodan webcam search in action.

Yet, she said, it's only a symptom of the wider problem with the so-called Internet of Things, where many webcams and other connected devices such as wearables, TVs and thermostats ship with a low level of security -- and some with none at all.

"It allows people to steal glimpses of personal spaces in people's homes, places of work, or inside a hospital -- our most private spaces," she said.

Emails sent to Shodan's general inbox requesting comment were not answered.

Cavoukian is among those spurring the development of the privacy-by-design approach, urging software companies and manufacturers to build privacy protections into their products from the get-go.

She said it's not enough for companies to give consumers the option to turn on security and privacy measures, because many customers don't have the time or the know-how to dig through the options of every device they own.

And the responsibility of companies to secure their products has never been more urgent, she said, as computers and networks are increasingly invading the home in cars, refrigerators, wearable devices and even baby monitors.

"The minute someone outside has eyes through these webcams into these networks, they're going to see and know everything," she said.

Abhay Raman, a cyber security expert at EY, said some companies cut corners on security in order to make things cheaper for the customer and make it easier for different devices to communicate.

"Designing specifically for various security levels gets more complicated, more involved, with more testing," he said. "Programmers take the easy route in enabling as many features as you can."

Companies, especially those bringing new technology to the market, should offer their customers a privacy nutrition label, Raman said, listing what their device or app does, what it's accessing and why it needs to do so.

"We're going to learn these things as we evolve, but I think it's incumbent on the vendors to provide enough information to help the user make a decision," he said.

Larger companies such as Microsoft, Apple and Facebook have worked to build privacy features such as two-factor authentication into their offerings, he said, yet the bottom line is still a driver for some companies to skimp on security.

Stephen Cobb, a senior researcher at IT security company ESET, said public awareness of security and privacy of connected devices jumped after the well-publicized hack of a Jeep Cherokee in 2015 in which two security researchers demonstrated they could remotely control the vehicle.

That vulnerability was fixed by Fiat Chrysler America after a 1.4 million-vehicle recall, but Cobb said it was inevitable that more security issues will come to the fore as more devices are connected to the Internet.

What's worse, he said, is that while auto companies have procedures in place to contact customers and deal with defective products, digital equipment manufacturers often have no idea who is buying and using their products.

"Most people haven't ever updated their router or updated the firmware on their webcam," he said.



Advertisements

Latest Tech & Science News

  • U.S. government backs down on request for visitor logs of Trump protest website

    Tech & Science CBC News
    The U.S. government is revising its request for data from an anti-Trump protest site to exclude a log of its visitors, according to a brief filed in Superior Court today, saying it has "no interest" in the records. Source
  • Researchers harness human waste to make products in space

    Tech & Science CBC News
    Deep space missions come with challenges, not the least of which is limited storage space. But scientists are finding ways to reduce the amount of supplies and costly shipments astronauts need on missions, partly by making use of what's already on hand — including human waste. Source
  • Researchers harness human urine to make products in space

    Tech & Science CBC News
    Deep space missions come with challenges, not the least of which is limited storage space. But scientists are finding ways to reduce the amount of supplies and costly shipments astronauts need on missions, partly by making use of what's already on hand — including human waste. Source
  • Two newest astronauts moonstruck as Canada looks beyond space station

    Tech & Science CTV News
    MONTREAL -- Canada's two newest astronauts are already looking beyond the International Space Station as they begin two years of intense basic training. Joshua Kutryk points out that Canada is committed to the space station until 2024 along with its international partners. Source
  • Farming has changed climate almost as much as deforestation

    Tech & Science CBC News
    Agriculture has contributed nearly as much to climate change as deforestation by intensifying global warming, according to U.S. research that has quantified the amount of carbon taken from the soil by farming. Some 121 billion tonnes (133 billion tons) of carbon have been removed from the top two metres of the earth's soil over the last two centuries by agriculture at a rate that is increasing, said the study in PNAS, a journal published by the National Academy of Sciences. Source
  • Water down your whisky for better flavour: scientists

    Tech & Science CBC News
    On the rocks, neat, or with water? Ask whisky fans and you'll find it's a contentious topic. However, researchers in Sweden say mixing your scotch with water is the best way to maximize the flavours. Source
  • Parents warned to monitor teen use of app Sarahah

    Tech & Science CTV News
    WINNIPEG - The Canadian Centre for Child Protection is warning parents of the dangers of an app popular with teens called Sarahah. The app allows users to send anonymous "constructive criticism" to friends and co-workers, but critics say it has turned into a platform for cyberbullying and harassment. Source
  • Canada's new astronauts take tips from veterans in space

    Tech & Science CBC News
    Canada's two new astronaut recruits will get a chance to pick the brains of the experienced astronauts currently working aboard the space station today. They'll also speak publicly for the last time before heading for two years of intensive basic training at Johnson Space Center in Houston, Texas. Source
  • Google's next version of Android will be called 'Oreo'

    Tech & Science CBC News
    An upcoming update to Google's Android software finally has a delectable name. The next version will be known as Oreo, extending Google's tradition of naming each version after a sweet treat. L’ready or not, you’ve made it to the sweet treat hall of fame. Source
  • After Lollipop. Marshmallow and Nougat, here comes Oreo

    Tech & Science CBC News
    An upcoming update to Google's Android software finally has a delectable name. The next version will be known as Oreo, extending Google's tradition of naming each version after a sweet treat. L’ready or not, you’ve made it to the sweet treat hall of fame. Source