I had the distinct pleasure this past week (as I write this) of assisting Bob Cromwell with teaching Learning Tree Course 468, System and Network Security Introduction in New York. [When classes are large, Learning Tree adds an additional instructor to courses in order to help participants with questions, hands-on exercise issues and so forth. This is especially valuable when there is a large number of participants taking the class online with Learning Tree AnyWare.] I always enjoy watching Bob teach as he has great stories and insight into security issues.
One story he shared with the class last week – and which relates to a recent news item – dealt with the accessibility of live internet cameras. With a simple search or two one can find live cameras on the web and view them; some even allow remote control of the camera by unauthenticated users. (No, I’m not going to share the links to any of those cameras; you’ll have to find them on your own…) Maybe some of those cameras are out there as a type of transparency: “watch us build you widget carefully and safely”. Maybe they’re there so folks can watch widget construction and learn how it’s done. I suspect, however, that many of those cameras are not intended for public viewing – that they were connected to the net so some employee or employees could watch the widget building, parking lot, office or whatever. By not publicizing the name or address, someone probably thought, “nobody will find this”. Someone clearly did. Might there be liability issues arising from some of these public cams?
That no authentication is required is an interesting issue. Some (many?, most?) web cams don’t seem to require a password by default. Cameras marketed to consumers seldom seem to. An article on cnn.com relates the story of TRENDnet whose “secure” cameras appear to have been not so secure. The story reports that feeds from 700 of them were posted publicly online in January 2012. According to the article, some were used to monitor children and had feeds of sleeping babies and the like. I didn’t see any of the feeds, but I’ll trust CNN and The New York Times.
The TRENDnet situation has opened up a large debate about privacy. Should the cameras be required to be secure or should consumers be responsible to secure their cameras if they think that’s important? Where Who should bear the responsibility for maintaining one’s privacy? What do you think? Let us know in the comments below. You might also end up discussing this in a System and Network Security Introduction class taught by Bob, me or another of our great instructors.