We phoned the store in Langley, Vancouver, and asked the shop attendant to stand in front of the camera with a sign bearing the initials of the Herald on Sunday. Snap. We could see them and so could anyone else in the world who had the necessary basic computer skills.
The IP addresses had been published on the internet on a well-known file-sharing website and were for internet-based cameras that had been hacked.
The links were to Trendnet-branded cameras which are sold by New Zealand retailers.
Artem Zavyalov, manager of the seven Canadian stores, did not know his security camera was accessible online and said the camera had been password-protected.
Links revealed live webcam footage of a toddler in a cot, a man lying in his underwear watching television and a young boy sitting on a couch.
Online forum disasterresource.com warned consumers buying internet-based security cameras about the flaw and said it was concerned thieves were using footage accessed from internet-based cameras to profile properties to steal from.
The forum also noted children were at risk of being profiled.
Police officer in charge of the online child exploitation squad John Michael said police had not encountered any situations of people profiling New Zealand children through internet-based cameras.
However, there was a clear risk for people who had home security systems and were uninformed about the risks associated with them, he said.
"I have heard about cases in the US where hacking into webcams has happened. With anything that is accessed on the internet, there is a risk of children or adults being exploited.
"You have to make sure you do your homework when you get a home security system, making sure it has robust security protocol," he said.
Privacy Commissioner Marie Shroff said caution was always needed with the technology.
"We're not aware that it's being used for home-based security in New Zealand.
"If companies were to offer it to home users, they would need to have strict security safeguards, including using encryption and strong password protection. Users would need to be aware of the risks of filming and storing images via the internet, such as the possibility of being hacked."
While IP cameras were convenient because consumers could access footage remotely when they were away from their home or business, that also exposed the cameras to hackers, thieves and cyber-spying if they were not at least password-protected.
Technology writer Peter Griffin said problems arose when those installing the cameras were unaware of networking and best security practice.
Secure protocols were not always being sold with IP-based security systems and the data transmission set-up could affect the level of security.
He said the main protection for consumers was password protection on cameras.
"The technology is not popular yet; if you set up a user name and password in the same way you would a wi-fi system, you should be okay. It's a pretty targeted thing to hack into a password-protected system."
Executive director of Netsafe Martin Cocker said many security systems could be breached via the internet.
He'd heard of people hacking into corporate video conferencing systems but was unaware of security cameras being targeted.
The Herald on Sunday spoke with 10 security companies which installed security systems in Auckland.
Most would not speak on record but said they did not warn customers about any security risks associated with the cameras.
kate.shuttleworth@hos.co.nz
