$28 App Lets Anyone Spy On Private Webcam Feeds


Bored of watching the same reality TV shows season after season? An inexpensive app lets you snoop on real, live video of real, live people who probably have no idea they're being watched.

A Chinese software company sells the app for around $28. Purchase it, install it, and fire it up on a computer and you can tune in to real time video streams from all over the world. Many of the cameras are aimed at uninteresting venues like parking lots, but there are plenty showing feeds from inside homes and apartments.

As you can no doubt imagine, that creates the potential for catching people in some very private moments. In fact, that's one way the developer advertises the app: with a bunch of thumbnailed images of people in various states of undress.

Surely most -- if not all -- of the people "starring" in these "shows" are doing it unwittingly. So how did their private lives end up being streamed to scores of strangers via a mobile app? The same way that hundreds of thousands of connected cameras became infected by the Mirai worm.

It's all down to bad security practices. In the worst-case scenario, these connected cameras ship with a hard-coded password that users can't change to access the video feed. That means anyone who can figure out the password and scan for cameras that are broadcasting (which is not at all hard to do) can tune in.

In other cases, camera manufacturers do allow the password to be changed. Some even advise customers to change the default password as soon as possible. Not everyone heeds those warnings, however, despite repeated warnings from security experts.

What's worse is that these feeds frequently show up in a lot more places than the app Mashable singled out. There are numerous apps like this one -- and just as many websites -- that are streaming video from the same cameras.