Skip to content
Naked Security Naked Security

Webcam woes – world’s oldest online camera struggles with security

Webcams are older than you think - but the oldest one still running won't be around much longer.

These days, webcams are everywhere.

I’ve got one in my laptop, two in my phone, and even one that I can mount on my bicycle, though admittedly its battery doesn’t last very long when it’s filming and streaming at the same time.

You’ll find webcam technology where you might expect it, such as in security cameras; where you might not have known you needed it, such as in doorbells; and very creepily where you definitely don’t want it, such as hidden away sneakily in a smoke alarm in the bedroom of your B&B.

Indeed, webcams are so widespread these days that they’ve turned into low-cost, low-margin consumer products that regularly, if unsurprisingly, turn out to have cybersecurity flaws that could put your privacy – perhaps even your most intimate privacy – at risk.

Security concerns over webcams are sufficiently common, in fact, that industry heavyweights including James Comey, who was Director of the FBI at the time, Mark Zuckerberg, CEO of Facebook, and Whitfield Diffie, one of the pioneers of public-key cryptography, have all suggested putting a strip of sticky tape over your laptop webcam.

But it wasn’t always like that.

The first webcam server was Cambridge University’s famous Trojan Room Coffee Pot.

(Technically, it wasn’t a webcam in its early days because it came online before the University had its first web server, and it used its own network protocol rather than HTTP, but we’ll grant it webcam status retrospectively, right back to the first time it captured an image for others to see.)

Quentin Stafford-Fraser, who wrote the client-side software that users ran to see if there was coffee available, is the Coffee Pot’s unofficial biographer, and quips that:

The image was only updated about three times a minute, but that was fine because the pot filled rather slowly, and it was only greyscale, which was also fine, because so was the coffee.

The Coffee Pot went online in 1991, serving 128×128 pixel images at 0.05fps for 10 years before it was decommissioned for ever:

New kid on the block

These days, the longest-running webcam is a comparative newcomer that dates back a mere 25 years.

The San Francisco FogCam started in 1994, a project at San Francisco State University by two students who go by the handles Webdog and Danno (Jeff Schwartz and Dan Wong IRL).

The project even has its own Twitter feed.

Unlike Cape Town’s Noon Gun feed that we wrote about a few years ago, which tweets BANG! every time the gun goes off (it really does!), @FogCam just carries occasional news about the FogCam service itself.

There wasn’t an awful lot for @FogCam to say – it charted the ups and downs (literally and figuratively) of the device and its server, and its occasional moves around campus, with messages such as:

A couple of years ago, it tweeed the portentous implication that it was living on borrowed time, or at least in a borrowed office or street pole:

Sadly, that time is now running out and the FogCam will be no more at the end of August 2019:

Bay Area publication SFGate quoted Jeff Schwartz himself as follows:

We felt it was time to let it go The bottom line is that we no longer have a really good view or place to put the camera. The university tolerates us, but they don’t really endorse us and so we have to find secure locations on our own.

That’s certainly a different sort of webcam security than we normally write about – it’s not that the camera might be hacked, but that someone might make off with it.

Well, Dear Readers, what do you think about that?

What should Webdog and Danno do next to fill the (void *)?


6 Comments

They did well to keep them running so long. These days it’s a matter of minutes before online devices are attacked.
How times, technology and threats move on eh? :)

In recent honeypot research we did, the first RDP probe came 94 seconds after the first honeypot went live:

https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-rdp-exposed-the-threats-thats-already-at-your-door-wp.pdf

But the first SSH probe showed up in under a minute, at just 52 seconds:

https://www.sophos.com/en-us/medialibrary/PDFs/Whitepaper/sophos-exposed-cyberattacks-on-cloud-honeypots-wp.pdf

Agreed, it’s amazing it stayed running for so long. I wonder type of vulnerabilities or open ports a 25 year old camera would have?

From the publicity this camera is now receiving, many on Twitter are keen to help out. Fingers crossed this won’t be the end for it.

Thanks.

Maybe SF FogCam can do what the Braves did in Major League Baseball, or the Swans in Australian Football? They’re the Atlanta Braves and the Sydney Swans now although they started out in Boston and Melbourne repsectively. (The Braves even spent a decade in Wisconsin on the way to Georgia.) Maybe a Global FogCam Franchise – “comparative fogtography”!

“grayscale coffee”… now that’s descriptive! Thanks for passing that along, it gave me a good chuckle.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?