For $28, you can hack into a stranger's internet-enabled webcam

Yi Shu Ng

If you have an web-connected camera, you should change your password ASAP.

For just 188 yuan ($28), you can buy software that would allow you to hack into connected cameras, Chinese state broadcaster CCTV warns

SEE ALSO: Apple's new acquisition wants to watch you while you sleep (but not in a creepy way)

Such software can easily scan for and access vulnerable devices, which are commonly used as baby monitors and surveillance cameras in the home.

Hackers in China have also set up large groups on social networks such as QQ, to offer usernames and passwords to compromised devices.

(Left) A list of users offering a means to hack into webcams; (Middle) A user proffering means to hack into a webcam; (Right) Lewd pictures taken off webcams that are being used to advertise compromised webcams

Image: Ng Yi Shu/Mashable

(Left) A list of groups where hackers list compromised webcams and software for sale; (Right) A detailed look at one of the top groups.

Image: Ng Yi Shu/MashablE

A list of compromised cameras and login credentials. The filename reads: "If you share, your whole family will die."

Image: Weibo

Download statistics for the various lists.

Image: Weibo

Lists of up to 200 to 400 compromised cameras and their login credentials are given away each day for free and downloaded by hundreds of people, CCTV reported.

The lists are given away for free, so as to market the software. 

Cybersecurity experts said camera owners who don't change the default user IDs or passwords open themselves up to way more danger.

Cameras are fairly easy to breach because many of them use similar firmware, added Eugene Aseev, vice-president of engineering at data protection firm Acronis.  

"Once there is a weakness or vulnerability found in this firmware, all these devices [will] start to share this weakness or vulnerability," Aseev told Mashable. Vulnerabilities in firmware for Internet-connected devices led to the rise of the Mirai botnet in September last year.

Users should avoid using default device configurations, and update their devices' firmware frequently.

"Once you have unpacked a brand new internet-connected piece of hardware, spend a little time playing with its configuration," the expert said. "Common default unchanged [passwords] on thousands of a primary flaw that is being leveraged by attackers."

WATCH: This Lego camera actually works

Https%3a%2f%2fblueprint api uploaders%2fdistribution thumb%2fimage%2f6071%2ff3da8805 a6b3 495b b143 6102ebad0ef1