This question has been bugging me lately...

I read an article on IP cameras and it struck me odd. Sure its great if you want to keep an eye on things, but how can you be sure no one else is watching? From what I can tell the companies that make these units use linux as the embedded OS in the camera. The device is assigned an IP address when it is manufactured (which I will get to later) and you type that address in and get a web based login screen. From here you can enter your login and view the camera's output. The boxes are equiped with SMTP to e-mail pics, FTP to send data, and support PHP3.
So here is my question...is this secure? Most of the IP address's that companies purchase are in blocks and a matter of public record, so either through some smart Google searches or a little reverse engineering from a list of IP camera IP's., could you not determine other IP camera's IPs??
Then all you have to go through once you get to the login prompt is you standered cracking programs. This does not seem like a secure way to watch your home or office. The chances someone could find your IP cam's IP, hack its box, check the SMTP or FTP setup and get your e-mail, find out who and where you are, and watch you seems a little risky.
Am I being paranoid or what??


--------------------- - - -------
Awwww, what do you mean it BROKE?!?!?!
--------------------- - - --------
Stupid Windows, Computers are for Linux!!!

That's quite interesting an interesting point. I wouldn't have thought many people (if anyone) would give an IP camera a public IP address, and instead, it would be put on an internal LAN.

If you did need to access it from the web, you would set up a port forward to the PC from an external router (and employ host based access) or download the images onto an area of a website or onto a server that you have secure access to.

Generally though, I'd have thought they'd be deployed on a LAN and not publically available. If you're also worried about internal access to the cameras - if some are in sensitive areas that not employees have access to, then you would either put them on a physical network (switched networks aren't safe) or behind routers with host based control on them - but due to their (probable) dispertion across a building, that would probably work out expensive.

Thanks for the thought

In general, I don't think there's been alot of thought put into these new "semi-closed-circuit" security cam gizmos that are starting to hit the market. The setup you mentioned is probably one of the "safer" ones (and calling them safe in any terms is overly kind). The more prominent models are the 802.11 wireless models. Most of the ones I've seen don't include WEP or WPA or other encryption by default. So anyone within a several mile radius with some war-driving skilz will have access to it.

With the public IP models, you could try brute forcing the password only to end up staring at a parking garage security cam in DesMoines, Iowa (no offence to anyone in DesMoines). The point being, you really have no idea of what your looking at (as far as I am aware). With the wireless models, you know that the camera is somewhere close and can even triangulate it down and pinpoint the location. Which is especially creepy if you have the thing runnning in your house.