NCSC issues smart camera cyber warning

Smart camera and baby monitor warning given by UK’s cyber-defender

Smart cameras and baby monitors can be watched by criminals over the internet by default, security chiefs warn.

The National Cyber Security Centre (NCSC) is advising people to tweak the settings after buying them.

Easy-to-guess default passwords might let a hacker secretly observe a home through connected devices, it said.

The NCSC’s technical director, Dr Ian Levy, warned while the devices were “fantastic innovations”, they were vulnerable to cyber-attackers.

There are many examples of devices being accessed without permission.

In one, the attacker spoke to a young girl, pretending to be Father Christmas.

In another, a couple from Leeds had been watched thousands of times online without their knowledge.

And security researchers easily breached an adult toy that had a camera attached, in 2017.

The new guidance for owners of smart cameras suggests three steps:

  • changing the default password, which is often an obvious word like “admin” or “00000” to an unguessable, unique one
  • keeping the camera’s software, sometimes called firmware, updated
  • switching off features that let you check the cameras remotely, if you don’t need or use it

Consumer group Which?, which has highlighted security flaws in the past in children’s toys and other smart devices, backed the new advice.

It says “mandatory security requirements and strong enforcement” are needed.

In January, the government announced plans to bring in a new law to require all manufacturers selling smart devices in the UK to obey new rules.

But while such regulations are “a positive step”, some experts believe they could go further.

Additional steps could include mandatory two-factor authentication, according to Blake Kozak, a smart home analyst with Omdia.

“More detailed legislation will be needed to enforce best practices by brands, from the components in the devices to the security of data centres,” he said.

The NCSC’s latest guidance also recommends disabling UPnP (universal plug and play) and “port forwarding” in the settings of your internet router – technologies often used by legitimate services such as online gaming.

Source: bbc.co.uk

Cyber security

Cyber security

Leave a Reply

Follow us

Get in Touch
Close

Call Us

Main Office: +44 (0) 1279 216726

Risk Consulting
Email: [email protected]
Call: 44 (0) 1279 874 528

Physical and Asset Security
Email: [email protected]
Call: +44 (0) 1279 874 532

Security Systems
Email: [email protected]
Call: 44 (0) 1279 874 521

Maritime Security
Email: [email protected]
Duty Manager: +44 (0) 7827 359132
24/7 Emergency Telephone: +44 (0) 1202 045 833