A Russian website is showing of thousands of feeds of live footage from inside homes, businesses and even nurseries - and many of the unknowing victims are in Britain.
The attacker is not infecting PCs with malicious software to achieve this - it’s simply that most people leave baby monitors, CCTV systems and other webcams open to attack.
The site was contacted by Britain’s Information Security Officer - but the Russian operator says he is merely trying to highlight the security weaknesses of such systems.
Symantec’s Security CTO, Greg Day, said in an earlier interview that the rush to get such ‘Smart Devices’ into homes has meant risks, “We've seen this lack of attention to security in the past, together with resulting weaknesses in the technological fabric which are open to exploitation by cybercriminals.”
One researcher showed how he could ‘haunt’ a home hundreds of miles away by hacking into the website for their ‘smart’ lighting system - and last year, one shocking case saw a baby monitor company penalised in the US for a security system so weak that a hacker was able to spy on and insult a baby via the camera, from far away.
The faulty software allowed anyone with the right internet address to freely access the “feed” from Trendnet cameras - and has prompted an investigation by America’s Federal Trade Commission into the safety of “connected” devices.
Marc Gilbert, of San Antonio, said that he saw the baby monitor move and heard a voice say, “Wake up, you little [expletive]”
Thankfully, there are steps you can take to keep your cameras safe from prying eyes.
Change the default password
Simon Rice of the Information Commissioner’s Office says, ‘When you begin using your camera you may be given a simple default password that you’ll need to enter to get the device working. This might be blank or something as simple as ‘password’ or ‘12345’ but, even if it isn’t, the default passwords many manufacturers use are freely available online so make sure you get it changed. If the device doesn’t have a password, then, as a bare minimum, you should set one up.’
It’s good to have a hard-to-guess password - ie one with a mix of numbers, letters and special characters, and which can’t easily be guessed (ie not the name of your dog) - but the MOST important thing is to change it. If you’re using a webcam, you should do it as soon as you have the device working.
Disable remote viewing
For CCTV cameras, remote viewing is an essential - it gives you peace of mind to be able to see into your home. But for other devices, such as baby monitors, it’s not: you are in the home with your baby, so you have no need for the footage to be available via the internet.
You will be able to disable this via the settings menu - and it’s a good idea to do do so straight away. Hackers will use specialist search tools to find connected devices, and if they’re not protected by passwords, your baby is at their mercy.
Simon Rice of the ICO says, ‘The ability to access footage remotely is both an internet cameras biggest selling point and, if not setup correctly, potentially its biggest security weakness. Remember, if you can access your video footage over the internet then what is stopping someone else from doing the same?’
If you’re not using a camera, switch it off
Security researchers have shown off attacks where cameras on Smart TVs can be accessed via the internet - and some forms of malware can allow crooks to look through your PC webcam.
If you’re not using it, switch it off. If it’s built in to the gadget, put a piece of tape over the lens when it is not in use.
Think about where you’re pointing your cameras
The point of security cameras is to giive you peace of mind - so point them at entrances to your house, rather than giving someone a view of the goods and people in there.
If the camera is showing a view of a door, hackers are unlikely to remain interested.