If you have an web-connected camera, you should change your password ASAP.
For just 188 yuan ($28), you can buy software that would allow you to hack into connected cameras, Chinese state broadcaster CCTV warns.
SEE ALSO:Apple's new acquisition wants to watch you while you sleep (but not in a creepy way)Such software can easily scan for and access vulnerable devices, which are commonly used as baby monitors and surveillance cameras in the home.
Hackers in China have also set up large groups on social networks such as QQ, to offer usernames and passwords to compromised devices.
(Left) A list of users offering a means to hack into webcams; (Middle) A user proffering means to hack into a webcam; (Right) Lewd pictures taken off webcams that are being used to advertise compromised webcamsCredit: Ng Yi Shu/Mashable(Left) A list of groups where hackers list compromised webcams and software for sale; (Right) A detailed look at one of the top groups.Credit: Ng Yi Shu/MashablEA list of compromised cameras and login credentials. The filename reads: "If you share, your whole family will die."Credit: WeiboDownload statistics for the various lists.Credit: WeiboLists of up to 200 to 400 compromised cameras and their login credentials are given away each day for free and downloaded by hundreds of people, CCTV reported.
The lists are given away for free, so as to market the software.
Cybersecurity experts said camera owners who don't change the default user IDs or passwords open themselves up to way more danger.
Cameras are fairly easy to breach because many of them use similar firmware, added Eugene Aseev, vice-president of engineering at data protection firm Acronis.
"Once there is a weakness or vulnerability found in this firmware, all these devices [will] start to share this weakness or vulnerability," Aseev told Mashable. Vulnerabilities in firmware for Internet-connected devices led to the rise of the Mirai botnet in September last year.
Users should avoid using default device configurations, and update their devices' firmware frequently.
"Often, devices are designed with convenience in mind rather than security," said Igor Oskolkov, who blogs about cybersecurity at Kaspersky. "A failure to change the password means that everyone knows the exact [IP] address of the camera."
"Once you have unpacked a brand new internet-connected piece of hardware, spend a little time playing with its configuration," Aseev advised.
"Common default unchanged [passwords] on thousands of devices...is a primary flaw that is being leveraged by attackers."
UPDATE: June 22, 2017, 12:36 p.m. SGT Updated with additional statement from Kaspersky.
TopicsCybersecurity