Is your webcam exposed on the internet and everyone enjoying your personal moments? | How to check webcam or security camera is exposed on the internet or not?
Nowadays we start using many technology devices in our homes. Many people are installing CCTV or security cameras in their houses, private rooms, offices, private places, etc for security purposes and monitoring, but many of them don’t know how to configure that device securely.
So let’s talk about CCTV and security cameras only.
What do most CCTV/Security camera users believe?
Most users believe that using a strong username and password on a camera administrative page protects them. (Partially true in the case of online cameras)
Why it is partially true?
It’s partially true because you are protecting only the camera administrative page which is also an important part. Still, you are not protecting the protocol used to control streaming media servers (Real-Time Streaming Protocol (RTSP)).
I have seen many online webcams whose administrative page is secured by strong credentials, but they forget to secure the RTSP protocol which gives me access to the streaming video. Indirectly, I was able to see the streaming video without actually need for credentials. In most of the scenarios the RTSP protocol has no credentials or weak credentials are configured.
Let’s take a real-life example of the same
How to find whether our webcam is exposed on the internet or not:
- Assume that my public IP address is 18.104.22.168.
- You can check your public IP address on https://ipinfo.me/ or https://www.whatismyip.com/
- Now do a port scan on the public IP address, I know many of you are not from a technical background, just follow the steps that I have mentioned.
- Download the port scanner from https://nmap.org/download and install it in your system. If you are using Linux you can install it by using sudo apt-get install nmap.
- After installing the Nmap, open it and put the public IP address in “Target” if you open Zenmap GUI, otherwise use cmd/terminal for running the command.
nmap -Pn <public IP address> -sV — open