Security service warns smart cameras and baby monitors could be accessed by criminals

  03 March 2020    Read: 1676
Security service warns smart cameras and baby monitors could be accessed by criminals

Cyber criminals could access smart cameras and baby monitors if left unsecured, warns the National Cyber Security Centre.

The National Cyber Security Centre (NCSC) has warned owners of smart cameras and baby monitors that cyber criminals could access these devices if users haven't changed their default passwords.

In a joint announcement with the consumer group Which? the government agency responsible for cyber defence warned that live feeds from these cameras could be accessed by criminals.

This posed a privacy challenge in itself, but could also be used by thieves and criminals to assist them when performing burglaries or similar attacks.

To address the risk the NCSC encourages people to change their smart camera's default password using the app they use to manage the device. They suggest connecting three random words together which you will remember.

Users should also keep their cameras secure by regularly updating their security software, and if they do not use the feature which allows them to remotely access the device from the internet, to disable it.

Speaking to Sky News last year, the then Digital Secretary Margot James said the government was prepared to force manufacturers and retailers' hands when it comes to selling insecure internet-connected devices.

Ms James warned consumer privacy and security was "at risk" because of flaws in security standards in internet of things (IoT) devices.

The issue is likely to grow as more consumer IoT devices - everyday objects connected to the internet which can communicate with each other over the web - become part of the average British household, Ms James added.

This January the government announced plans to bring in laws which would make manufacturers of smart devices adhere to three rules:

All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting;

Manufacturers of consumer IoT devices must provide a public point of contact as part of a vulnerability disclosure policy, so anyone can report a vulnerability;

Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online.

The digital infrastructure minister Matt Warman said: "We are working hard to make the UK the safest place to be online and want everyone to have confidence in their connected devices.

"I recently announced new laws to improve the security standards of internet-connected household products which will hold companies manufacturing and selling these devices to account.

"I urge everyone who owns a smart product to follow the NCSC guidance to make sure their device is secure."

Caroline Normand, Which? director of advocacy, added: "Which? has repeatedly exposed serious security flaws with devices including wireless cameras and children's toys.

"Mandatory security requirements and strong enforcement that ensures manufacturers, retailers and online marketplaces are held accountable for selling unsecure products is essential.

"Until new laws are in place, it is vital that consumers research smart device purchases carefully, and follow guidance to ensure their devices are protected by strong passwords and receiving regular security updates to reduce the risk of hackers exploiting vulnerabilities," she added.

More about: Cyber-criminals   babies