Los Angeles

Website Exploits Passwords to Get Peek Inside Private Lives

A new website has taken advantage of a weakness in many home security systems to take a peek inside people's private lives.

Home surveillance systems are supposed to make residents feel safe.

An Internet search, though, turns up a website that has turned the devices into direct portals for a peek inside people’s private lives.

Private hallways in Reseda, bedrooms in Hollywood, dining rooms in Los Angeles, kitchens in Pasadena and home offices in Burbank all turned up on the site - more than 1,000 across Southern California.

The technology behind the site exploits the likelihood that many homeowners never change their default passwords, set by the manufacturers before the devices are installed. Many people leave the pre-issued usernames like "Admin" combined with standard passwords like "12345."

That makes the home systems vulnerable to a simple hack.

But the website is so new, even LAPD detectives said they were surprised by it.

"It's scary, it's scary," said Detective Dan Fournier. "Yeah, this is incredible. Child’s bedroom here, people sleeping here."

Fournier said the tool isn’t just concerning because it could be a window for burglars to figure out the layout of homes, but also because of the voyeurism component.

"You are thinking you are doing it to monitor your child, some pedophile may be monitoring it for other reasons," he said.

He also said anyone who browses the site may be guilty of committing a crime.

"Basically you are using a camera, to view somebody's bedroom," he said. "You are a peeping Tom."

NBC News reached the operator of the website, which appears to have been registered in Moscow, and which NBC4 is not disclosing, who sent a statement.

In broken English, the statement said "I am glad to point users into a large security problem." The operator said he set up the site to highlight the issue with default passwords.

Nude screenshots of people in their homes that appear to have been taken using the website are being circulated online, though.

Some devices are vulnerable include:

  • AvTech DVRs
  • Foscam cameras
  • Hikvision DVRs
  • Panasonic cameras
  • Linksys cameras
  • IPCamera cameras

Fournier said the best thing for homeowners to do immediately is to change the default settings on their devices.

"Change your password. Right away, because as you can see most passwords when you get the system the default password is 12345," he said. "Just about everybody knows that."

Contact Us