Before it was forced to shutdown, insecam.com had a listing of over 73,000 private cameras, available for viewing by anyone. Hikvision DVR's (and DVR's in general) were especially prized because of their 8 and 16 channel views. Although this site was pressured to close, the lists of unsecured cameras/devices grows, with new sites to view them as well.
Which leads me to a crazy idea. Why not, in an automated fashion, log in to all these devices and leave some calling card that would alert/motivate the owner to change the password. Something non-destructive but visible is needed. How about making all camera titles say "change password - device was accessed from Internet.". Or in an overlay? Ideas?
Going the whole hog and changing the firmware automatically is unlikely to fly in the U.S., but maybe in China it could be done for interests of national security.
Is this an old idea that has already been shot down?