Smart camera and baby monitor warning given by UK's cyber-defender

[steven36]

Smart cameras and baby monitors can be watched by criminals over the internet by default, security chiefs warn.

The National Cyber Security Centre (NCSC) is advising people to tweak the settings after buying them.

 

Easy-to-guess default passwords might let a hacker secretly observe a home through connected devices, it said.

 

The NCSC's technical director, Dr Ian Levy, warned while the devices were "fantastic innovations", they were vulnerable to cyber-attackers.

 

There are many examples of devices being accessed without permission.

 

In one, the attacker spoke to a young girl, pretending to be Father Christmas.

 

In another, a couple from Leeds had been watched thousands of times online without their knowledge.

 

And security researchers easily breached an adult toy that had a camera attached, in 2017.

 

The new guidance for owners of smart cameras suggests three steps:

• changing the default password, which is often an obvious word like "admin" or "00000" to an unguessable, unique one
• keeping the camera's software, sometimes called firmware, updated
• switching off features that let you check the cameras remotely, if you don't need or use it

This warning suggests growing concern about the potential dangers posed by the "internet of things".

 

As connected devices move into people's homes and everyday lives, cyber-security risks are becoming intensely personal, with challenges in protecting people's data and privacy.

 

Cameras that provide details of what is going on inside your house are a prime example.

 

One of the problems is the companies making these devices often try to make them cheap and fast to capture the new market - and security is often an afterthought, if it is thought about at all.

 

The problem is leading towards not just more warnings such as this one but also new laws to mandate security standards.

 

Consumer group Which?, which has highlighted security flaws in the past in children's toys and other smart devices, backed the new advice.

 

It says "mandatory security requirements and strong enforcement" are needed.

 

In January, the government announced plans to bring in a new law to require all manufacturers selling smart devices in the UK to obey new rules.

 

But while such regulations are "a positive step", some experts believe they could go further.

 

Additional steps could include mandatory two-factor authentication, according to Blake Kozak, a smart home analyst with Omdia.

 

"More detailed legislation will be needed to enforce best practices by brands, from the components in the devices to the security of data centres," he said.

 

The NCSC's latest guidance also recommends disabling UPnP (universal plug and play) and "port forwarding" in the settings of your internet router – technologies often used by legitimate services such as online gaming.

 

Source

[zanderthunder]

Smart cameras and baby monitors vulnerable to hackers, warns British cyber security agency

 

LONDON: Baby monitors and wireless cameras risk being hacked by cyber criminals unless people take security measures to protect themselves, British security experts warned on March 3.

 

Internet-connected cameras used in the home are becoming popular and affordable, but security flaws mean live feeds or images, including of children sleeping, could be accessed by hackers, said Britain's national cyber security agency.

 

The National Cyber Security Centre urged users to change default passwords, regularly update security software and disable remote Internet access if not being used regularly.

 

Hacked feeds showing people in their homes going about their daily lives have appeared online in recent years. In December, a video showing a hacker speaking to a nine-year old girl in the United States through a monitor was shared online.

 

Families should think carefully before using this technology in their homes, said Silkie Carlo, director of Big Brother Watch, a civil liberties group.

 

"Many of these 'smart' cameras are essentially Internet-connected surveillance cameras that can either send data to big tech companies or leak data to hackers," Carlo said by email.

 

Firms making these devices should consider security as a priority rather than an afterthought, she said.

 

Britain recently announced new laws that would hold companies manufacturing and selling such devices to account if they fail to improve security settings.

 

Until these laws are in place, consumers themselves will have to do research and take measures to protect themselves, said Caroline Normand, director of advocacy at Which?, a consumer rights group.

 

The guidance comes amid growing debate over the digital rights of young children, particularly with the rise of tracking apps on mobile phones and their images shared online by parents.

 

In January Britain's data watchdog announced a new code that would require companies to tell children if their products include parental controls to show when they are being monitored.

 

Source: Smart cameras and baby monitors vulnerable to hackers, warns British cyber security agency (via TheStar Online)