New Search Engine Lets Anyone Spy on Your Webcam

By Eowyn @DrEowyn

A new website called Shodan enables anyone to spy on your webcam, seeing everything that the webcam sees, such as the interior of your home.

So if you have a webcam installed either inside or outside your home, make sure you set a password for your webcam.

Jennings Brown and Adi Cohen report for Vocativ, Jan. 25, 2016, that a new feature on Shodan, the most popular search engine for the Internet of Things, just made it a lot easier for anyone to find your webcam feeds. And it’s even creepier than you can imagine.

Shodan is a website that scans the internet for publicly accessible devices and captures their IP addresses—creating a searchable index that includes everything from in-home surveillance cameras to traffic lights to fetal heart monitors to power switches for hospitals. Essentially, any device that doesn’t have a password is up for grabs.

Programmer John Matherly developed Shodan in 2009 when he was a teenager, and he originally thought his pet project would help large tech companies see who was using their devices. But now the website is mostly used by hackers and researchers. Until recently, Shodan was used almost exclusively within the cybersecurity community, because searches require a general understanding of technical language. But a new feature has made it easier for anyone to peek people’s home surveillance devices. The new channel includes screen grabs of security camera feeds along with their location.

As Ars Technica reports, Shodan members who pay the $49 monthly fee can search the full feed at images.shodan.io. A Vocativ search of some of the most recently added images shows offices, school, porches and the interior of people’s homes. Accompanying each of these grabs is a pinned map that shows the location of the device capturing that footage.

The site also offers free memberships that allow anyone to search through thousands of webcams. Most of these devices require a password to view the feed (Shodan users have written a few articles about the most-used passwords so that others can easily hack feeds), but many people don’t set up password authentication on their devices. Such cameras are easily accessed through Shodan, and many of them can even be controlled by Shodan users.

The authors of the Vocativ article tried out Shodan for themselves.

Moments after setting up a free account on Shodan, they were able to access and maneuver several security cameras within people’s homes, even moving the webcam’s views from left to right, down and up. Here’s a screenshot of the view from a webcam inside someone’s home:

Shodan also provided the general location where each of the live feeds were coming from, which means it would not be difficult to track down those homes and figure out when their owner is away.

So, if you value your privacy and security, set up a password on all your connected devices!

~Eowyn