As reported by BBC News, smart cameras and baby monitors can be watched by criminals over the internet by default, security chiefs have warned. The National Cyber Security Centre (NCSC) is advising people to tweak the settings after buying them. Easy-to-guess default passwords might let a hacker secretly observe a home through connected devices, it said. The NCSC’s technical director, Dr Ian Levy, warned that while the devices were “fantastic innovations”, they were vulnerable to cyber-attackers.
Whenever you need to enter your device's IP address to connect to it, the device will also be reachable by attackers. Be very careful in using those devices; most likely there is very limited need for you to be able to monitor your baby when you are not in your house. If you want to, weigh the risk of having someone else viewing the child against the convenience of having remote access.
Overall, for any home device whose password is in the manual, we advise you to change the password. This is a horrible practice and should be avoided.
If the password is long, complex and on a sticker, or if you are forced to choose one at startup – congratulations, this is compliant with business best practice.
The use of technology has indeed made our lives much easier. The often-overlooked scenario, however, is that when it is too simple to access, those who should not necessarily have access can also gain access.
This is a great reminder that when deploying IoT devices, one should take a few extra minutes to configure them in a secure manner. Many IoT vendors are getting better at providing instructions on how to adequately secure their devices. However, as consumers, we should always be diligent in ensuring that our IoT devices are configured securely.
Three random words is a good starting block for passwords, but to properly help protect users we really want to see the use of password managers increasing.
Password managers should not be feared; many people think that putting all their passwords in one place on the cloud will make them somewhat vulnerable to attack. However, it’s the opposite that is true. The clever use of two-factor authentication (2FA) and robust encryption is a far stronger mix than having to remember hundreds of accounts each with three random words.
Furthermore, to fully protect your IoT devices, you should look at implementing 2FA on each of the devices directly too.