• United States



Mom discovered twin daughters’ bedroom being streamed via Live Camera Viewer app

Aug 14, 20164 mins
Data and Information SecurityInternet of ThingsMobile Apps

The security cameras were allegedly hacked after the woman's daughter entered Minecraft server info. The footage was secretly being streamed via an Android app.

If you were considering potential vacation locations, then the Android app Live Camera Viewer for IP Cams is purportedly “for travelers to have a spy sneak peek at travel destinations.” Yet children’s bedrooms would never occur to me as a travel destination. A heartsick mom in Texas found out her kids’ bedrooms were being live-streamed via the app.

ABC News recounted a story that started with a mom and son duo from Oregon; they had been surfing satellite images of Earth. The Oregon mom found the Live Camera Viewer app while looking for more satellite feeds. That’s when she saw a broadcast from Houston, Texas, of a little girl’s bedroom.

So, the mom in Oregon took to Facebook in an effort to reach the Texas family. Someone did recognize and notify the Texas family secretly being streamed.

Things get a bit confusing after this, since the Texas mom said the family’s security “webcams” were hacked. While it’s easy to understand how upsetting it would be to learn your 8-year-old twin daughters were being live-streamed while they were in their bedroom—while they dressed, slept and played—the explanation left me thinking, wait, what?

In the accompanying video, ABC reported the Texas mother said she changed her Wi-Fi password “but thinks hackers accessed the camera through a video game her kids were playing.” It was also reported that the “cameras had been hacked.”

By Wi-Fi password, does that mean she changed the default password on the security camera system? If not, then it is most likely the camera system was not hacked at all. Apparently the security company the mom consulted disagrees. She was told the breach had to do with her daughter playing Minecraft.

She told ABC News that when her 8-year-old daughter was prompted for a server name, the girl “searched for one online because she didn’t know the family server’s name. She said her daughter was able to find an unprotected server online and used it.”

“From what I understand, there’s tons of unprotected servers out there these kids are going on, and basically people are waiting for them,” she said.

Jennifer said that security experts had told her hackers would have been able to find the family’s IP address off her daughter’s iPad, locate their monitor and computer system, and then access their modem as well as their DVR system, which was linked to cameras throughout the house.

“They had [571] likes,” she said of the live stream, “so I know for a fact 571 people have been staring at my kids, probably more.”

My theory could be wrong, but it seems unlikely the cameras were “hacked.” It seems more likely that the default configuration was not changed. However, it might have gone down like the security experts said.

The app, Live Camera Viewer for IP Cams, claims to give users the ability to “view more than 50,000 public live real-time online video streaming CCTV surveillance and security web cameras around the world right from your Android smartphone and tablet. Watch almost every place on Earth on live cams in our webcam viewer (we add every Earth cam by your requests inside the app).”

Unfortunately, just like on other sites that stream unsecured security cameras, the U.S. is right at the top with the most cameras for viewing. The app currently shows the U.S. has the most with 3,977, followed by 848 in Japan, 592 in France, 490 in Italy and 426 in the Netherlands.

Users can watch feeds at random or select specific locations and categories. Overall, the category “undefined” is the largest with 9,221. Roads is next with 228, followed by 155 for city. In the U.S., of the 3,977 total cameras that can be viewed, 3,428 are in the undefined category. It’s unclear how many of those give a “spy sneak peek” into private homes and bedrooms, as well as how those privacy-invading streams ended up being featured in the app.

They might have been found simply because the cameras were not secured, not changed from default settings, meaning not protected with a unique password. They might have been added by request as the app claims. Nevertheless, this is yet another reminder to change the default password.

While you’re at it, put a Post-it note or a piece of tape over your webcam; it can easily be hijacked and have the recording light disabled. If that sounds paranoid to you, then consider that FBI Director James Comey and Facebook king Mark Zuckerberg do it.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.