Smart cameras vulnerable to hacking, highlights the NCSC

Smart cameras and other Internet of Things devices are being targeted by cyber-hackers because owners aren’t changing default settings, highlights the National Cyber Security Centre (NCSC). 

As they increasingly become popular in households, owners of smart devices – cameras in particular – are being advised to change the default passwords and settings to reduce the risks of being hacked. According to the NCSC and other security chiefs, these products are vulnerable to cyber-attacks, as users rarely change the initial passwords and ignore software updates.

Previous cases of cyber-attackers intruding into owners’ homes through smart cameras include an attacker speaking to a young girl through a baby-monitor, pretending to be Father Christmas, and a couple from Leeds being watched by thousands online, without their knowledge.

What to do to prevent smart devices from being hacked

NCSC has listed steps to protect devices at home, including: 

• Applying device software (often called firmware) updates. Not only does this improve its features, but regularly applying relevant software updates will also strengthen its security features.
• Changing the default password to a unique one and remembering to mix letters and numbers. The default password is usually short and easy to guess, such as ‘admin’ or ‘0000’, making it easy for hackers to gain access. Passwords shipped from the same company can also sometimes have the same passwords, so if the password is leaked for one device owner, it is also leaked for others.
• Switching off features that allows users to check the camera remotely, if it is not in use. This will prevent hackers from viewing or listening to activity in the room where the device is.
• Disabling UPnP (universal plug and play), and “port forward” in the settings of internet routers.

The Government announced plans to introduce a new law in January, for all manufactures selling smart devices in the UK to comply by legislation to decrease hacking. The plans set to be brought in by the Government, outlined in the Consultation on regulatory proposals on consumer IoT security, have included:

• All consumer internet-connected device passwords must be unique and not resettable to a universal factory setting
• Manufacturers must provide a public point of contact for vulnerability reports
• Manufacturers must state the minimum amount of time for which the device will receive security update

Digital Minister in the UK, Matt Warman, stated: “Our new law will hold firms manufacturing and selling internet-connected devices to account and stop hackers threatening people’s privacy and safety. It will mean robust security standards are built in from the design stage and not bolted on as an afterthought.”

However, Blake Kozak, a Smart Home Analyst at Omdia, believes that more needs to be done, such as including a mandatory two-factor authentication. He said: “More detailed legislation will be needed to enforce best practises by brands, from the components in the devices to the security of data centres.”

Dr Ian Levy, Technical Director at NCSC commented: “Smart technology such as cameras and baby monitors are fantastic innovations with real benefits for people, but without the right security measures in place, they can be vulnerable to cyber attackers.

“There are practical measures which we can all take to help us get the most out of our home-based technology in a safe way.”

Register today for IFSEC 2023

16-18 May 2023, ExCeL London | IFSEC 2023: Recognising the past, embracing the future

Join thousands of likeminded security and risk professionals at IFSEC 2023 in May, as the UK's largest and longest running security event looks ahead to what's next in the sector as it celebrates its 50th birthday. This year will see the launch of the IFSEC distributor network, while London's new Elizabeth Line makes travel to the venue easier than ever!

You’ll find hundreds of leading exhibitors from the physical and integrated security sector, showcasing all the latest in video surveillance, access control, intruder detection, perimeter protection and software solutions. Join the community and secure your ticket today!

Secure your FREE ticket today!