A malicious actor can write a simple script that scrapes Google for all inurl:viewerframe mode motion my location new results. The script can then parse the HTML of those pages to extract the GPS coordinates and the live video token.
In some cases, the camera interface also reveals the device’s firmware version, network details, and even the owner’s approximate location via embedded GPS data or reverse IP geolocation.
Alternative services like provide similar functionality, offering tools to search HTTP responses, server headers, and page titles across the entire internet. They are powerful complements to Google Dorking, offering different sets of filters like http.title and http.headers.server to refine searches. For the average user, Shodan and Netlas represent the "professional" version of the vulnerability that Google Dorking exposes on a more amateur level.
These terms are more ambiguous. In the context of Google dorking, my location may appear in the camera’s interface when it tries to geolocate the viewer or display coordinates. Some camera software includes a “my location” button to center the map on the user’s position. The word new could be part of a script name (e.g., newstyle.css ) or a parameter indicating a newer version. Alternatively, users add these terms hoping to find cameras that show real-time location data or recently updated feeds. inurl viewerframe mode motion my location new
The use of such search queries sits in a gray area. On one hand, security researchers argue that discovering unsecured cameras is a public service—it highlights the scale of IoT insecurity and pressures manufacturers to improve defaults (e.g., requiring password changes upon first use). On the other hand, accessing a camera’s feed without the owner’s explicit permission violates computer fraud and abuse laws in many jurisdictions (e.g., the CFAA in the U.S., the Computer Misuse Act in the UK). Even if the URL is publicly indexed by Google, the expectation of privacy remains for the camera owner, and unauthorized viewing can constitute illegal surveillance.
This article explores what this search query means, how it exposes private security cameras, how search engines like Shodan track these devices, and how you can protect your own network from being exposed. What is a Google Dork?
: Ensure a strong, unique password is set for the admin account. Disabling Public Indexing robots.txt A malicious actor can write a simple script
Google actively tries to remove sensitive content from its index when notified. You can report an exposed camera feed via Google’s “Remove outdated content” tool. However, Google cannot proactively police every indexed device. The responsibility ultimately falls on device owners to secure their cameras.
As this practice became more widely known, the list of searchable URLs expanded. The dork inurl:"ViewerFrame?Mode=" specifically targeted Panasonic cameras. Other common dorks included:
The range is staggering, from the mundane to the highly sensitive. These terms are more ambiguous
: Instructs the interface to load in a mode that typically handles live video streaming or motion-triggered events. my location / new
While just seeing a video feed is bad enough, the inclusion of my location and new suggests a specific firmware vulnerability. In some DVR models, the my_location variable is not sanitized. When you load the viewerframe page, the server sends your browser the stored location data.
This "dork" is frequently used by researchers (and hackers) to find live camera feeds that have been left open without password protection. These feeds can include anything from public traffic cameras to private security systems in offices or homes. Common Variations
This operator tells Google to only show results where the specified text appears directly inside the website's URL.