Ars Technica takes a look at privacy and camera surveillance systems:
If you’re in public, you’re on camera. […] The question is no longer if you’re on camera, but rather how many different angles you were caught on while going about your day.
With so much monitoring taking place, and with surveillance systems gaining more online functionality every year, it’s natural that securing these systems would become… complicated. And that many many are secured incorrectly or not at all. Because so many cameras and surveillance systems are completely open, it’s possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener’s understanding of the ‘Net. With a little time and patience, almost any given system, from a set of residential cameras to those used by your local police, can be accessed, viewed, and even reset if not properly secured. Of course, if you can do this, it means that anyone can do it. […]
Though they are relative newcomers to the surveillance market, IP cameras caught on quickly and are rapidly stealing market share and consumer preference from traditional (analog) cameras. In an analog system, all cameras need to be wired directly back to a central recording system using analog cable (typically RG-59 or RG-6 coaxial). […]
IP cameras often present an attractive alternative. Using the same basic technology that your computer uses, IP cameras take their own IP addresses and stream video directly onto a network without connecting to a DVR or control platform. Larger systems can integrate multiple IP cameras together using an NVR (network video recorder) that connects to and records multiple cameras at the same time. […]
Once an IP camera is installed and online, users can access it using its own individual internal or external IP address, or by connecting to its NVR (or both). In either case, users need only load a simple browser-based applet (typically Flash, Java, or ActiveX) to view live or recorded video, control cameras, or check their settings. As with anything else on the Internet, an immediate side effect is that online security becomes an issue the moment the connection goes active.
Though most NVRs require usernames and passwords for access, many individual cameras do not. An NVR can have the most advanced password imaginable, but if its remote cameras are online and unprotected, anyone with a web browser can completely bypass the system’s security, no hacking required.