If you have an web-connected camera, you should change your password ASAP.
For just 188 yuan ($28), you can buy software that would allow you to hack into connected cameras, Chinese state broadcaster CCTV warns.
Such software can easily scan for and access vulnerable devices, which are commonly used as baby monitors and surveillance cameras in the home.
Hackers in China have also set up large groups on social networks such as QQ, to offer usernames and passwords to compromised devices.
Lists of up to 200 to 400 compromised cameras and their login credentials are given away each day for free and downloaded by hundreds of people, CCTV reported.
The lists are given away for free, so as to market the software.
Cybersecurity experts said camera owners who don’t change the default user IDs or passwords open themselves up to way more danger.
Cameras are fairly easy to breach because many of them use similar firmware, added Eugene Aseev, vice-president of engineering at data protection firm Acronis.
“Once there is a weakness or vulnerability found in this firmware, all these devices [will] start to share this weakness or vulnerability,” Aseev told Mashable. Vulnerabilities in firmware for Internet-connected devices led to the rise of the Mirai botnet in September last year.
Users should avoid using default device configurations, and update their devices’ firmware frequently.
“Once you have unpacked a brand new internet-connected piece of hardware, spend a little time playing with its configuration,” the expert said. “Common default unchanged [passwords] on thousands of devices…is a primary flaw that is being leveraged by attackers.”