Security camera footage from inside homes, offices and shops across Britain is being intercepted and broadcast live on the internet - without the owners' knowledge.

Read also: Hacker yells at baby via monitor

An investigation can reveal that "home hackers" are easily able to spy on people going about their daily lives through cameras that were installed in homes to improve security.

During a two-hour period last week we watched an internet website - available to anyone in the world - and saw footage from British locations of:


• Babies in cots
• A schoolboy playing on his computer at home in North London
• Another boy asleep in bed
• The inside of a Surrey vicar's church changing room
• An elderly woman relaxing in an armchair
• Two men in a kitchen sharing a meal

If you have installed a camera of the type that can be hacked in this way, you could be being watched now. Vulnerable devices include baby monitors, domestic security cameras and CCTV units that monitor offices, shops and factories. Hacking can be prevented simply by changing the factory-set default security codes that every camera comes with.

Last night Britain's Liberal Democrat MP Julian Huppert, who sits on the influential Home Affairs Committee that scrutinises internet crime, said manufacturers had to do more to protect customers.

"It's absolutely shocking. We should get the companies which sell this to force customers to change default passcodes," he said.

"This should be a wake-up call to anyone who has a camera in their home or business."

Some 350,000 individuals and businesses buy such cameras every year in the UK and many fail to change the default passcode - leaving them exposed to hacking.

A large number of buyers will be parents who use the devices to monitor babies and young children. They will be horrified to learn that footage they assumed could be accessed by them alone has, in some cases, been made available by hackers for the world to see.

Professor Alan Woodward, a cyber security specialist, said: "The really scary thing is that people buy these cameras for their own security. But they have no idea that thousands of people might be spying on them at any one time."


Much of the footage is mundane and reflects the enormous growth in home security systems, but there are also huge amounts of live feed from offices, restaurants, bars, swimming pools and gymnasiums.

Cashiers and hotel receptionists are observed in close-up from cameras fixed to walls behind them; there is footage from inside a London hair salon; women can be seen having their nails manicured in Eastleigh, Hampshire; and another stream shows men lifting weights in a Manchester gym.

Technology expert Shawn Day said there was worrying potential for the footage to be exploited by criminals. He said: "There was one camera in an office and I could actually read the screen of the computer where they could be entering private information such as passwords, but it's fully displayed to the world.

"It's not just the creepy feeling that you are being seen, which is the main concern, it's also the content of what is being seen. We're talking about financial information, private information - exactly the sort of stuff the camera is designed to protect, but is doing the opposite."

Many cameras were fixed on babies and small children sleeping in their beds. There was also close-up footage of an elderly lady relaxing in Aberdeen. Another camera in a London home filmed a schoolboy texting on his mobile phone. A man in Crawley was seen on a sofa with a cup of tea, with family photographs on the wall behind him.

In the past there have been some incidents of computer hacking to seize control of built-in webcams.

That process is called 'ratting', as the hackers send out a virus that allows them access to a person's desktop computer or laptop without their knowledge.

But we discovered that the hacking of stand-alone security cameras - IP (Internet Protocol) cameras - is a much simpler process and more widespread. Most cameras that connect to the internet come with a default username and password which most people do not realise they can - and must - change.

If owners fail to do so, their live feed, which they can access from smartphones, could also be picked up by hackers who scan addresses on the internet until they find an exposed IP camera. Experts fear large numbers of such cameras are vulnerable to hacking.

The hackers then input a number of commonly used default passwords until they gain access. Finally they stream the results on to their own websites for all to see.

For security reasons, the hacking website is not being named by The Mail on Sunday. The site keeps the exact locations of the cameras deliberately vague, providing only names of cities and towns.

During our investigation we discovered footage being beamed from a travel agent's office in London.

Our reporter visited the office to alert the owner, who had no idea his daily business was being broadcast to the world. As our reporter helped him log on to the hackers' website, staff at The Mail on Sunday's office we were also monitoring it.

We saw the reporter walk into the shop and explain that the six CCTV cameras had been hacked.

Our reporter waved at the camera and the businessman was astonished to see it broadcast on his computer.

The shop could easily be identified to any criminal watching because one of the hacked cameras partially revealed its address on a hoarding.

"This is absolutely appalling," said the manager, who asked not to be named. 'The system was installed three months ago and they didn't tell us anything about passwords. I can assure you they will be changed.'

His cameras were manufactured by China-based Hikvision, which insisted last night that it does 'everything possible' to warn of the need to change default passwords.

In another case, we identified a house in Southend, Essex, because the Hikvision cameras at the property - fixed on the drive, back door and side gate - included the owner's name and address on screen.

The owner said: "We got these cameras to try to keep our property safe but we never imagined that people are looking at our house and what we're doing. Burglars could see when we're out."

After being alerted, the travel agent and homeowner both changed their passwords. Their footage is no longer available online.

Many of the hacked cameras used by parents are made by another Chinese company, Foscam.

Hikvision and Foscam cameras are both available in New Zealand.

A spokesman said it was aware of hacking and will now 'force' users to change passwords. It is not clear who is behind the hacking website, but The Mail on Sunday established that it is 'hosted' by a company called MediaNet based in the Moldovan capital, Chisinau.

A spokeswoman said: 'We were not aware of this. Thank you for letting us know.' She could not say what action, if any, would be taken.

Tony Neate, of the Government's Get Safe Online campaign, said: "The most important thing to take away from this is how important it is to change the default password on the device. Camera instruction manuals should explain how to do this, and if not, then you should contact the manufacturer for guidance."

It is unclear what can by done by police, who have spent more than £20 million investigating phone hacking. The National Crime Agency said: "It is vital that individuals and businesses take all possible steps to protect themselves from having personal or financial information compromised, making sure operating instructions are followed, security software is up to date, and passwords are strong and regularly changed."

How to protect your privacy

• Ensure the camera you buy allows you to change the default password.

• If manual doesn't explain how to do this, call manufacturer and get clear guidance.

• Take time to set up a strong password and change it regularly.