IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Smart cameras and other Internet of Things devices are being targeted by cyber-hackers because owners aren’t changing default settings, highlights the National Cyber Security Centre (NCSC).
As they increasingly become popular in households, owners of smart devices – cameras in particular – are being advised to change the default passwords and settings to reduce the risks of being hacked. According to the NCSC and other security chiefs, these products are vulnerable to cyber-attacks, as users rarely change the initial passwords and ignore software updates.
What to do to prevent smart devices from being hacked
NCSC has listed steps to protect devices at home, including:
Applying device software (often called firmware) updates. Not only does this improve its features, but regularly applying relevant software updates will also strengthen its security features.
Changing the default password to a unique one and remembering to mix letters and numbers. The default password is usually short and easy to guess, such as ‘admin’ or ‘0000’, making it easy for hackers to gain access. Passwords shipped from the same company can also sometimes have the same passwords, so if the password is leaked for one device owner, it is also leaked for others.
Switching off features that allows users to check the camera remotely, if it is not in use. This will prevent hackers from viewing or listening to activity in the room where the device is.
Disabling UPnP (universal plug and play), and “port forward” in the settings of internet routers.
The Government announced plans to introduce a new law in January, for all manufactures selling smart devices in the UK to comply by legislation to decrease hacking. The plans set to be brought in by the Government, outlined in the Consultation on regulatory proposals on consumer IoT security, have included:
All consumer internet-connected device passwords must be unique and not resettable to a universal factory setting
Manufacturers must provide a public point of contact for vulnerability reports
Manufacturers must state the minimum amount of time for which the device will receive security update
Digital Minister in the UK, Matt Warman, stated: “Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”
However, Blake Kozak, a Smart Home Analyst at Omdia, believes that more needs to be done, such as including a mandatory two-factor authentication. He said: “More detailed legislation will be needed to enforce best practises by brands, from the components in the devices to the security of data centres.”
Dr Ian Levy, Technical Director at NCSC commented: “Smart technology such as cameras and baby monitors are fantastic innovations with real benefits for people, but without the right security measures in place, they can be vulnerable to cyber attackers.
“There are practical measures which we can all take to help us get the most out of our home-based technology in a safe way.”
Register today for IFSEC 2023
16-18 May 2023, ExCeL London | IFSEC 2023: Recognising the past, embracing the future
Join thousands of likeminded security and risk professionals at IFSEC 2023 in May, as the UK's largest and longest running security event looks ahead to what's next in the sector as it celebrates its 50th birthday. This year will see the launch of the IFSEC distributor network, while London's new Elizabeth Line makes travel to the venue easier than ever!
You’ll find hundreds of leading exhibitors from the physical and integrated security sector, showcasing all the latest in video surveillance, access control, intruder detection, perimeter protection and software solutions. Join the community and secure your ticket today!
Smart cameras vulnerable to hacking, highlights the NCSCSmart cameras and other Internet of Things devices are being targeted by cyber-attackers because of the use of default settings, says the National Cyber Security Centre.
Samah Ahmed
IFSEC Insider | Security and Fire News and Resources
Related Topics
More organisations to benefit from National Cyber Security Centre’s cyber incident response scheme
ICO issues warning over smart devices collecting personal data
Perimeter fencing manufacturer hit by cyber-attack
[…] cameras are connected to the internet and allow users to access them remotely. However, the misconfiguration of these devices makes them highly vulnerable to […]
[…] cameras are connected to the internet and allow users to access them remotely. However, the misconfiguration of these devices makes them highly vulnerable to […]