Hacker News new | past | comments | ask | show | jobs | submit login
Insecam: Directory of Unsecured Surveillance Cameras (insecam.org)
119 points by joan_kode on July 13, 2020 | hide | past | favorite | 44 comments



A few years ago, while browsing the feeds from my country, I had spotted a camera showing a bedroom with a young child playing. The camera in question was using UPnP to enable port forwarding by default – with a standard password.

After looking up the ip address, I notified the ISP which in turn notified the customer and the camera was taken offline within hours.

While it may not be unexpected to us that such insecure cameras are sold, less tech-savvy users simply don't know about the risks.


Some time ago I went through the list of my country (France), and some were definitively not supposed to be here.

One was in a retail shop like 100m from our office, one of my colleagues actually went there to warn the personel, and it was taken down in the next minutes (I think they cut off the power of the cameras until necessary action was taken).

An other one was in a restaurant, right above the cashier and (most importantly) the credit card terminal. The name of the restaurant was visible on a floor mat, so I could find very easily the website and the e-mail address to send an e-mail to. But then I struggled when writing the e-mail. I didn't want to sound like a hacker (and was afraid to be prosecuted), but also I really wanted them to take it down, by citing some laws here in France that is very strict about video surveillance on the workplace.

In the end I didn't send any email. I'm not a lawyer, and there was too much risk IMO. Maybe I'll try going through the ISP next time I browse the cameras.


Couldn't you have made a throwaway email address? Plus, connect through a VPN just in case they refer the case to the authorities.

It'd be ironic if they threw more resources at finding the "hacker" than at securing their network...


I had thought of that, but I think that would only have decreased the probability for the receiver to actually open the email. At this point it hit my own "Return Over Time Investment" threshold, and I figured I'd better use my time helping my own circle to secure their stuff.


Good work.

It's to be also noted that you live in a country, where ISPs understood what you were telling, understood its urgency, communicated properly with the affected party and remedied it within hours.

There are countries where, in order to talk to a person who understands there is a public facing IP camera it will take extraordinary effort at best and at worst you will be termed 'hacker' for visiting the 'Insecam' website and police will knock on your door within next couple of months to a year; Now good luck finding someone in the police who will listen to you and actually understands it.


It’s great that you went through the trouble to alert them.

It would be nice to automate this flow as much as possible to reduce the friction for concerned people.


I like that idea. Maybe one of those auto-lawyer websites could send it, like to absorb blowback in case the recipient flips out. Because they often do.


Years ago there was a Mac screensaver that showed a random insecure camera feed each time it activated. Lots of dark roads and driveways, but weirdly fascinating all the same. Don’t think it’s working any more - maybe this could be the base for a new one.


You might be thinking of the Surveillance Saver.

I have a buddy who did a revival a few years back, don't know how bit rotted it is but here's a link:

https://www.awgh.org/archives/295


Oh man, using that at work could backfire soooo badly :)

Imagine someone forgetting to protect the security cams of their meth lab or brothel.


Sitting in a cold office in Denmark, I miss travelling to places like this: https://www.insecam.org/en/view/238958/


Looks like a great place though I'd pick a hotel with better IT security :P Edit: Actually as it's only an advertising cam for their website they have a valid reason not to secure it :)

PS: Living in Spain so I don't have much to complain about.


A camera like this makes me question something - why was it installed in the first place? You can't distinguish things like license plates on cars or faces (I doubt ML helps here either). So what is this for? The view is beautiful, but I fail to see the purpose of it.


Advertising. It's linked from the hotel's website: https://www.royalhotelsanremo.com/en/webcam-sanremo


Ah and in this case it actually makes sense for it to have no password. Unlike many of the elevator and office cams I'm seeing ;)


I'd love to visit your cold office, because here it's 37° C, very humid, and it's still a week away from the dog days of summer. Air conditioning can only do so much in this humidity.


> NOTE: The coordinates are very approximative and have accuracy in hundreds of miles

Indeed, Torino is not exactly on the sea. How are this location obtained, geoip?


While this kind of content is not unprecedented (think Shodan.io), I haven't seen a browser with full previews like this.. Nice!! Good official public webcams are pretty rare so this will be useful to look around the world.


I don't think these are official public webcams. At least, that's how I interpret their FAQ:

https://www.insecam.org/en/faq/


I recognize one in Austin as being the "official UT tower cam": https://www.universitycoop.com/tower-cam


Some of the cameras near me are clearly pointed at scenery. I won't presume anything about why they are pointed at scenery and insecure; but I also won't presume that they are intended to remain private.


Still, I'm surprised they pretty much all have such miserable quality.

I used to have one overlooking the river in my mother's house. I spent a lot of time tuning it so it looked really great, both day and night (at night using really long exposure times). I used high quality webcams at first and then the 5MP raspberry cam (later modded with a better lens).

But even the "1080p" security cams that cost $200 or more have horrible quality compared to those. They're good for security purposes yes, but I wouldn't use them to advertise the views from a hotel.

I really wish there were some really HQ webcams around the world, think 4K or even 8K (so you could zoom in even on a 4K screen), with good night performance, it would be so great to really get a feel for a city. These cams are just so poor.


I live in a well-known vacation spot.

One camera pointed at a ski slope. (The location was wrong.) For all I know, it could be on some ski slope's web page under "current conditions."

Other cameras have ocean or downtown views.


I know, that's what I meant, official webcams are rare to find, so it's nice to have some more coverage this way, unofficial of course.


Just an FYI: I had to disable Ghostery in order to see the streams. I suspect one of the components this site relies on is typically blocked because its used for adware or tracking.


Related, I put this together a couple of years ago to highlight the severity of a hard-coded backdoor in Hikvision IP cameras:

https://ipvm.com/reports/hik-hack-map


Interesting project but a note of caution - accessing any resources without permission will presumably be considered hacking in many jurisdictions.

IANAL and don't claim this would mean a likely prosecution risk, just something to bear in mind.

Happy to be corrected!


Looks like a nice alternative VNC Roulette [1] :)

[1] https://news.ycombinator.com/item?id=8810366


If you click on any of the cam feeds, just above feed is a link to location, which will scroll you down and you get a map of all the cams you can navigate - in Russian.


This is both fascinating and creepy at the same time .. While i enjoy seeing Torino beach video (submitted by another HN'er). Felt creepy seeing this :(

https://www.insecam.org/en/view/833447/

Looks like a call center of sorts , essentially an IT company , not keeping their shit secure :(


Looks like the traffic here has alerted them ;) It's gone now.


How’s this different from shodan?

https://en.wikipedia.org/wiki/Shodan_(website)


Shodan isn't a directory of webcams the same way Google isn't a directory of webcams. Shodan indexes metadata about all devices connected to the Internet, some of them are webcams. Compared to the rest of the index though they make up a tiny fraction of the data. Shodan also indexes light bulbs, refrigerators, power plants, Minecraft servers, Kubernetes clusters and anything else that runs on a port.


Quite a few people using cameras to monitor systems, e.g. pointed at LCD displays. Nice throwback to the original webcam watching a coffee pot.


So many 3D-printers!


I was going thru the UK ones and only seen one so far, but oh, so many cars in the driveway. Still looking for local ones, closest was 4 miles away. Part of me wants to find something local, drop a note thru their door.


Many have their location miscategorised though. I saw some with a town name on-screen which was different (but usually nearby) the city listed on the site.

They probably do an IP location lookup which tends to be pretty inaccurate.


Yes, St Michael's Mount in Cornwall seems to have been moved to London... https://www.insecam.org/en/view/845188/#details


Indeed, and this is very far from Brixton! https://www.insecam.org/en/view/370031/


Exactly! I suppose users are trying to view the status or their print job. https://www.insecam.org/en/view/805349/


I guess we can conclude Axis cameras are not secure


No, you can conclude that Axis cameras are by far the market leader in the IP CCTV space.


I believe the original Dropcam was an Axis with reverse-engineered (new) firmware.

They still run!


How are these cameras hacked then? It's a choice by the user(some setup)?




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: