A.G. Schneiderman Issues Alert To Protect New York Webcam Users From Hackers


AG urges consumers to change the default login credentials on their web-based security cameras, also known as nanny cams or home security cameras.


Long Island, NY - December 3, 2014 - Attorney General Eric T. Schneiderman today issued a consumer alert following recent reports that live feeds from unsecured wireless network cameras, or “IP cameras,” have been made publicly available on several websites. These cameras, which thousands of New Yorkers use to remotely monitor their homes, offices, businesses, pets and loved ones, are often shipped to consumers with default user names and passwords that are publicly available. By not changing these default settings, many consumers unwittingly allow their IP cameras to broadcast unsecured, and sometimes unencrypted, live video feeds across the Internet.

“No New Yorker should feel violated in their own homes – especially by a webcam intended to keep our belongings and loved ones safe,” said Attorney General Schneiderman. “As we increasingly rely on web-based services, we must all take additional steps to inform ourselves of any dangers and protect our privacy. By following some simple steps and taking basic precautions, consumers can keep their webcam feed out of the reach of hackers and improve their security.”

Using simple software, anyone can identify operational IP cameras whose default security settings have not been changed. From there, a hacker could gain access to the camera’s settings using the default login credentials and not only view the camera’s live feed, but also identify the geographical coordinates of the camera.  The hacker can also pan, tilt and zoom the camera to view different parts of the user’s home or business, and change the device’s settings so that the camera’s owner is no longer able to control it.

Attorney General Schneiderman issued the following tips to educate the public so they can better safeguard their privacy:  

  • If you have not already done so, change the default username and password on your IP camera immediately.  Use a strong password that only you know.  You may be able to change the password by visiting the website that you use to access the live feed from your camera.  Otherwise, follow the instructions that came with your camera to learn how to change these settings.  If you no longer have the user manual that came with your camera, you may be able to find it on the camera manufacturer’s website.
  • Some cameras allow users to deactivate the device’s security functions.  Verify that your camera’s password requirement is turned on. If your camera supports data encryption, make sure this feature is turned on as well.
  • Be aware that if you either enter your camera’s login credentials or view your camera’s video feed on a website that does not use encryption technology, that information may be intercepted by others.  Websites that begin with “HTTPS” protect your information by encrypting data transmitted through the site.
  • If you use a mobile app to access your camera’s video feed, check to see if the app encrypts your data. If not, avoid using the app on unsecured WiFi networks, such as public hotspots.
  • Make sure that the software used to operate and manage your camera is up to date.  Check your camera manufacturer’s website to see if you have the latest version of the software and sign up for update notices.

Photo by Abric Armand via Free Images