Google Exposes Web Surveillance Cams

An anonymous reader writes "Blogs and message forums buzzed this week with the discovery that a pair of simple Google searches permits access to well over 1,000 unprotected surveillance cameras around the world - apparently without their owners' knowledge." Apparently many of the cams are even aimable. Oops!

The question is

What is the search keyword.

Re:The question is

inurl:/view/index.shtml

Google stopped me

If I use inurl:"webcam/index.php evantually I get this message from Google Thsi only happens with the above text using .php and not inurl:/view/index.shtml With .shtml I can search forever.

Google Error We're sorry... ... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected. We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software. We apologize for the inconvenience, and hope we'll see you again on Google.

Re:Google stopped me

lol - it would seem to me that they their automated tools are mistaking a slashdotting for an infection.

Re:Google stopped me

mistaking?

Re:The question is

Here is the webcam search URL:

inurl:"view/index.shtml"

Here is a list of others [ihackstuff.com]

Re:The question is

I did a page at http://www.opentopia.com/hiddencam.php [opentopia.com] that picks up a few hundred of the cameras found in google with inurl:"axis-cgi/mjpg", scans them every couple of hours, grabs the first picture from the Motion JPEG stream, geocodes them with their general location, and shows them in one page for easy access. Saves a bit of the trouble.

Security vs. Stupidity

This just underlines the engineer's problem with making something secure, yet making sure every moron in the U.S. can plug it in and turn it on and have it basically work.

Re:Security vs. Stupidity

This just underlines the engineer's problem with making something secure, yet making sure every moron in the U.S. can plug it in and turn it on and have it basically work.

Well, it's really just another example of engineers doing the job right, only to then have a PHB of some ilk tell them, "Now I want to be able to watch this from my office or my cell phone or from home, etc." Where the Engineer exclaims, "Doh!" and does it because he/she's not paid to THINK.

Re:Security vs. Stupidity

These are not peoples personal webcams, these are $500 - $2000 buisness cameras [axis.com] most of them are watching traffic and empty offices, and seem to be intended for public access.

Re:Security vs. Stupidity

It's not the job of engineers goddamit !

I'm sick and tired of hearing marketing, human resources, finance and 99% of the world of "business" come cry me a river when they complain system doesn't work as expected because they didn't know what the customer really wanted. Not even the customer knew what he wanted, they all came to me saying " it must be cheap and basically print me money "

Yeah sure and If I had the method I'd be working for you fools would I ?

Go ask Alan Greenspan you yahoos !

Re:Security vs. Stupidity

It's not the job of engineers goddamit !

I'm sick and tired of hearing marketing, human resources, finance and 99% of the world of "business" come cry me a river when they complain system doesn't work as expected because they didn't know what the customer really wanted. Not even the customer knew what he wanted, they all came to me saying " it must be cheap and basically print me money "

A big part of engineering is figuring out what the user wants. The user can't be trusted to automatically know exactly what it is he wants that's possible to do. If as an engineer you simply take what's initially asked for, you likely won't get far. If something is impossible, you have to explain to your customer that it is, and provide alternatives. Make sure everyone knows exactly what's going on. While marketers, customers, etc. all have their own faults in the process, you can't simply pass the entire buck to them.

As well, the issue of making something easy to use yet secure, as the grandparent post suggested, is not impossible nor impractical.

The URL I use

I use http://www.google.ca/search?q=inurl%3A%22axis-cgi% 2Fmjpg%22&btnG=Google to find them. It works great.

a search string for the lazy/stupid among us

http://www.google.com/search?hl=en&lr=&safe=off&c2 coff=1&q=inurl%3A%22MultiCameraFrame%3FMode%3D%22

Re:Run your own surveillance

Listen, I am getting tired of this joke, sure, lots of you are socially inept nerds, but I do have a wife, and I know for a fact that she is outside showing the gardener something or other in the back yard. Let me pull up my surveillance cam, see, there she is showing the gardener the. um . WTF ?!

Re:Run your own surveillance

I work with IP video surveillance (among other things) for a living.

This is a good example of why you SHOULD trust some other company. Chances are that company knows more than you do about setting up a system. Choosing the right people to work with is obviously important. I wouldn't trust myself to set up an alarm system for my offices, I would hire someone who knew what they were doing.

Most of the good cameras out there have built-in webservers. Sending motion JPEG over a network from the embedded webserver on the camera is the most common and efficient way to manage a larger camera installation, especially if you are recording. If you have a school district with 10 sites, 5 cameras each, using a network video system and central recording is a fraction of the cost of a traditional CCTV or even DVR (digital recording of analog cameras) setup. Configuring the camera incorrectly leads to problems like this, taking a step backwards to CCTV or other technology is not the answer.

some cameras

For the curious, here there is an article (in spanish, sorry) with some links to cams and what terms to search to find more, happy watching :)

http://sindominio.net/suburbia/article.php3?id_art icle=146 [sindominio.net]

The best ones so far

I got a jump on this from the Boing Boing post a couple days ago. I use inurl:"axis-cgi/mjpg".
This one seems to show every page printed off of some printer. http://81.72.76.218/view/index.shtml [81.72.76.218]. Right now it's some photo.
This one http://217.148.2.106/view/index.shtml [217.148.2.106] shows somes bar (German?) that seems very active.
This one http://24.173.235.172:8001/axis-cgi/mjpg/video.cgi ?camera=&showlength=1&resolution=640x480 [24.173.235.172] Shows animals under the knife, I've yet to catch a surgery yet.

Anybody find any other cool ones?

Re:The best ones so far

Austin International Airport Security:

http://lobbycamera4.abia.org/axis-cgi/mjpg/video .c gi?camera=&resolution=640x480

The search queries are...

Use Google and search for the following:
inurl:"ViewerFrame?Mode=" [google.com]
or:
inurl:"MultiCameraFrame?Mode=" [google.com]

search keyword - find the most interesting place!

one [google.com] two [google.ca]

I have clicked some of them, and indded some provide pictures of various random places, like shopping center, bureau, or parking lot. But I've noticed that some of them are asking for a password, or simply refuse to connect. Does it mean that admins had fast response to this issue? :)

And btw - slashdotting thousands of cameras around the world is really funny. Karma prize for a person that finds the most interesting places!

Re:search keyword - find the most interesting plac

I win:

http://63.243.46.98:8081/axis-cgi/mjpg/video.cgi [63.243.46.98] ...

interesting

On pages with non-enlish text (E.G. this one http://aquashop-es.miemasu.net/MultiCameraFrame?Mo de=Motion&Language=1)

change language=1 to language=0 to get english text.

Daycares with cams

While looking ofr daycare for my kids, I came across a few that offered web based cam viewing of the kids/classrooms. My wife thought it was a great idea til I suggested that anyone could potentially view the kids....sex offenders, children theft services, etc. Sure the school offered password based access, but any system that is turned on can be compromised. Maybe it's the paranoid dad in me, but while it may be nice to see what my kids and teachers are doing, it scares me that some pediphile may be watching what kids are doing, learning their favorite activites, and their overall daily schedule. The ped could even be a parent that has a kid registered at the school making access even easier. So in the end, I axed schools that has cams (especially wireless ones) and convinced my wife based on the reasons above.

Perhaps some places have policies where the camera is on only for certain periods of time that vary weekly and IT departments that verify access logs, but I saw no such plans when I checked.

Re:Daycares with cams

Maybe it's the paranoid dad in me, but while it may be nice to see what my kids and teachers are doing, it scares me that some pediphile may be watching what kids are doing, learning their favorite activites, and their overall daily schedule. The ped could even be a parent that has a kid registered at the school making access even easier. So in the end, I axed schools that has cams (especially wireless ones) and convinced my wife based on the reasons above.

You sound totally paranoid. The driver of your school bus could be a pedo. In fact don't take your kid to the beach, a pedo-infested hunting ground. Statistically walking down the street your kid may pass a few.

Despite what the media may say, the world is populated by mostly normal people. Teaching your kid the dangers and a bit of common sense, and a CCTV camera by the school gates where the kids are picked up, should ensure nothing happens. Please don't inflict your irrational fears on your kids, the media and certain Prominent Politicians will be doing far too much of that already.

Phillip.

Re:Daycares with cams

FerretFrottage (714136)

Funny how people with one deviant obsession are so annoyed by people with another. ;-)

Re:Daycares with cams

You are an idiot. It is an order of magnitude more likely that your child would be raped/coerced to sex by your brother, uncle, father, cousin or another relative. Not to mention that you are extremely likely to mess up the life of the child in the future with your paranoia. No, Cindy, you can't go on a hiking trip with your class, a pervert may be hiding in the woods. No, Cindy, you can't go to a prom, there might be a paedophile there. No, Cindy, I don't like that boyfriend of yours, he seems to be sexually attracted to young girls. Meanwhile you probably secretly fantasize [slashdot.org] about having sex with underage cheerleaders yourself...

This is awesome...

Meanwhile you probably secretly fantasize about having sex with underage cheerleaders yourself...

In case anyone didn't notice, danila looked up the posting history of FerretFrottage and found a post to use as incriminating evidence against him. This is a rather advanced flaming technique. I am quite impressed. Well done.

detailed links

graffe.com [graffe.com] suggests searching for inurl:"ViewerFrame?Mode=" [google.com].

You can do slightly bettter by searching for inurl:"MultiCameraFrame?Mode=" [google.com], as mentioned on Metafilter [metafilter.com].

Simple solution

It should be obvious, but any web server that doesn't want to be on google should serve up the appropriate robots.txt file. This includes webcams in their default configuration.

robots.txt not obvious

It's not really obvious.

If you don't want your webserver to be 'found' then either :
A. don't put it online. (Right)
B. security through obscurity: don't link to it, don't save a record of it. No links = no crawling/spidering.
C. Put it behind a server-wise password

Because in the end, Google may respect robots.txt but I, for one, don't when creating a local cache of a site using HTTrack .
And I'd imagine there's search engines which ignore it just as well.

Welcome to last October

Johnny at IHackStuff has a huge list of fun things like this you can get from google.
Here is the list of searches for network aware stuff: Google Cached since main site is down [64.233.187.104]
Some search phrases for cameras are: "camera linksys inurl:main.cgi" and
"powered by webcamXP" "Pro|Broadcast"

Don't forget that google can limit results to region by using "site:.jp" or similar.

a bunch of peepings toms...

...or a glimpse at the "transparent society" [davidbrin.com]?

In any case, I have to admit that one of my guilty pleasures used to be (before the slashdotting) this fun link to... 137 java-controllable webcams around the world: http://www.google.com/search?q=intitle%3Aliveapple t+inurl%3ALvAppl [google.com]

A certain japanese construction site has made a lot progress lately. :)

Does it matter they are public?

Since most of them are being used as simple security cameras for simi-public areas, there really isn't much secret data that is going to be discovered..

So you can watch cars in a parking lot.. Or people mill around the mall...Big risk there..

I don't see a big deal that most of them are not being locked down. Unless i missed something here..

Google Links to Web cams

Google - home" Requires installation of activeX plug-in. Great video feeds. [google.com]
Google - inurl:"ViewerFrame?Mode=Motion" [google.com]
Google - inurl:LvAppl intitle:liveapplet [google.com]
Google - intitle:"Live View / - AXIS" [google.com]
Google - "Powered by webcamXP" [google.com]
Google - inurl:indexFrame.shtml "Axis Video Server" [google.com]
Google - "MOBOTIX M1" and "open menu" [google.com]
Google - intitle:flexwatch intext:"Copyright by Seyeon TECH Co" [google.com]
Google - intitle:"WJ-NT104 Main" [google.com]

Speaking of IP cam, why isn't there higher res....

If you look on axis's site, you see most of them atre ~640x480 resolution, one being 1280x960, toshiba also has one megapixel version but it's astronomically out of price reach for simple applications.

With all of those sub 100 cameras that are going up to 3mpix these days, how come there aren't "HD"webcams or anything similar in the cheap end of the spectrum? it would be good enough for low-level consumer home security, and I'm sure it would sell like crazy. I know the image quality wouldn't be equal to the top webcam using CCD out there, but some application would require more resolution before perfect color reproduction.

Anyways just a thought... If anyone could point me to something that already exists, it would be nice, as I am sure a lot of people here would jump on this... :)

iSight

I heard about this sort of security problem when CU-SeeMe first came out years ago and I'm surprised it has become an issue again. Apple's iSight has a built-in iris that closes when you twist the lens, and twisting the lens also doubles as a switch for turning the camera on and off as well as launching iChat AV. Plus, there's a little LED that lets you know when it's on. I always thought that webcams should always have a physical lens cap on them because just for that added security, and never considered getting one until the iSight came out.

How it should be?

As David Brin frames it - I've stolen his opinion for this post, the key issues are transparency and egalitarianism.
The fact that we can look is not the problem. The problem with surveillance cameras is when people can look at us, but we can't look back.

Wouldn't it be better if a women going to her car can look at surveillance cameras up the block to make sure she will arrive safely? Or a citizen's watch groups can virtually patrol it's own neighbourhood?

The key problem is when a select few can control and abuse the technology and possibly enforce the law selectively. For example, corrupt cops losing video evidence of them beating someone to death.

I'm not completely sold on the idea, but it's an opinion worth considering.
Transparent Society [davidbrin.com]

Good reason to make security cams public..

Its not such a bad idea to make security cameras publicly viewable (although allowing the public to conrtol them is another matter) for example it essentially gives you a whole world full of witnesses to whatever events may happen..

Lets say your local friendly 'protection' dude wanders in to your shop one day asking for money 'or else'.. you can either..

a) inform him that his every move is being watched by a million slashdotters..

b) pull your gun out from under the counter and blow his brains out - then tell the police there's plenty of witnesses to interview.. ;)