Webcam Panic

insteon-webcam-image-from-smarthomedotcomWebcam Panic: a reader asks…

I just read about the big internet outage a few weeks ago, and how it was perpetrated by hackers who took over webcams. I have a few webcams around my house and am wondering if they were hacked. My cameras are all from Smarthome.com and are the Insteon HD 720P IP Camera model 2864-222. Any thoughts?

As part of the outage research, it was found that one company’s webcam products were a major source of the hacked webcam’s. That company is Hangzhou Xiongmai Technologies, and their webcams were often branded XM. Other brands of hacked gear listed are: ACTi, ANKO, Axis, Dahua, Dreambox, EV ZLX, Guangzhou, HiSilicon, IPX-DDK, IQInVision, Mobotix, Packet8, Panasonic, Realtek, Samsung, Shenzhen, SMC, Toshiba, Ubiquiti, VideolQ, Vivotek, Xerox, & ZTE. Thanks to Brian Krebs for this info, although he notes that it isn’t a complete list!

Unfortunately, there are probably tons more webcam products out there using HXT hardware, and a quick internet search doesn’t turn up who actually makes the hardware that goes into your Smarthome webcam model. But I can tell you that there are two things you should do/have done to make sure your webcams are as secure as you can make them.

First, you should have changed the default password. When setting up the webcam, you are given a temporary user account (admin) which you must then assign a password to, so you can log in. After you’ve completed the setup of your webcam, you need to revisit the control panel and change the user accounts. You should add a new account with a unique username and a strong password, and then delete the original admin account.

Advertisement

smarthome-camera-web-settings-screenshotSecond, you should check for and update the firmware of your camera if needed – visit the camera brand name’s website and search around till you find it. You can also do a google search with the terms: [your brand] [your model] and “firmware software update”. Owners of the popular Smarthome/Insteon cameras can visit http://www.insteon.com/support-knowledgebase/2015/5/12/update-your-hd-wifi-camera-system-firmware. I should note that most of the modern web browsers will not allow you to load the webcam, since that model uses outdated extensions that modern web browsers consider unsafe. You’ll need to use the IP Camera Tool that’s provided by the website. Open it and it’ll scan your network and identify all your webcams. You can then right-click on each entry to see what the current version of firmware is on the webcam, which you can compare with the firmware listed online. Be sure to verify your webcam version, since older webcam versions can’t use the latest firmware.

smarthome-ip-camera-tool-screenshotOnce you’ve done that, you’ve done all you can do to ensure your webcams are as safe and secure as possible. One other thing you might consider is to simply leave the webcams unplugged unless you actually need to use them. For example, some folks use webcams to look in on their home when they’re away on vacation. So leave them unplugged till just before you head out on vacation and unplug them when you get back home.

Internet-connected webcams aren’t really the best for home surveillance, especially if you’re going to record the video to review later. For more security, it would be worthwhile to invest in a closed-circuit camera system. But these relatively cheap webcams can be handy to peek in on your dog when you’re not home, or to use as a nannycam. Just remember that the video they show is not very secure compared to closed systems, and that these IoT (Internet of Things) devices are inherently unsecure.

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek
(@PosiTek)

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net
(Support@PosiTek.net)

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)
(using any credit card)

or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.