There are a lot of attractive features for “plug-and-play” security cameras that are flooding the market, promising to protect your home cheaply and easily. Yet at the end of October, an article published on Motherboard revealed a website was collecting video streams from more than 73,000 IP cameras. The owners — who were using the cameras to monitor stores, parking lots, and inside their homes — had neglected to change their cameras’ default passwords.
A search engine called Shodan indexes devices that are connected to the Internet, including cameras and baby monitors. It uses “banners,” the automatic response issued by connected devices, to catalog anything and everything that’s on the Internet. The banners can contain a device’s default password, so it’s easy to find cameras and other equipment that are vulnerable.
There are some steps you can take with any devices you have that are connected to the Internet. First, make sure none of your smart devices are still only protected by the default passwords. Follow these steps to create strong passwords that are harder to crack. Keep the passwords secure and don’t give them out to anyone.
Next, decide if you really need your cameras connected to the Internet. Maybe it’s more important for you to be able to monitor your front door step than try to keep that footage secure, but you probably don’t want anyone to see what’s going on inside your home. Connect those cameras to a LAN (Local Area Network), following the instructions here.
If you’re curious to see if your devices are showing up on Shodan, search for your devices’ IP addresses by typing in “net:YOUR.IP.ADDRESS.” To keep Google from finding your camera’s webpage, avoid linking to it anywhere on the Web, including social networks.