NCSC red flags poor security controls in smart cameras and baby monitors

NCSC red flags poor security controls in smart cameras and baby monitors

NCSC warns about IoT device security

The National Cyber Security Centre has published a report advising users to secure their smart cameras and baby monitors that are connected to the Internet, advising them on how to set up their smart cameras to secure them from unauthorised access.

Smart cameras like security cameras and baby monitors are connected to the Internet via home Wi-Fi so that their users can view the live feed on the move. However, like any other smart device, they need to be secured to prevent cyber criminals from accessing them and stealing private data.

According to NCSC's guidance, the simplest way for IoT device users to protect themselves from cyber attacks is to change the default password to a secure one and to avoid using easily-guessable or simple passwords.

Another way to secure monitoring devices is to install regular software updates. NCSC says that consumers should turn automatic updates on, so that updates get installed automatically. Regular security updates not only secure Internet-connected devices but also bring in new features that optimise device utilisation.

“Smart technology such as cameras and baby monitors are fantastic innovations with real benefits for people, but without the right security measures in place they can be vulnerable to cyber attackers,” says Dr Ian Levy, Technical Director at NCSC.

“We want people to continue using these devices safely, which is why we have produced new guidance setting out steps for people to take such as changing passwords. These are practical measures which we can all take to help us get the most out of our home-based technology in a safe way,” he added.

NCSC has also published a guidance on router settings, stating that “many routers use technologies called UPnP and port forwarding to allow devices to find other devices within your network. Unfortunately, cyber criminals can exploit these technologies to potentially access devices on your network, such as smart cameras. To avoid this risk, you should consider disabling UPnP and port forwarding on your router - check your router's manual or the manufacturer's website for details about how to do this.”

“We are working hard to make the UK the safest place to be online and want everyone to have confidence in their connected devices. I recently announced new laws to improve the security standards of internet-connected household products which will hold companies manufacturing and selling these devices to account. I urge everyone who owns a smart product to follow the NCSC guidance to make sure their device is secure,” said Matt Warman, Digital Infrastructure Minister.

IoT device makers should consider PKI solutions to defend against cyber attacks

Welcoming the NCSC guidance, Kiri Addision, Head of Data Science at Mimecast told TEISS that “recent stories involving the hacking of internet-enabled security cameras and Smart TV’s, among other IoT devices, have provided criminals with another opportunity to extort money from victims.”

“It is now widely known that many IoT devices, such as smart cameras, lack basic security and are vulnerable to hacking, meaning that victims are more likely to believe the fraudsters’ claims, since the possibility of their device having really been hacked is highly plausible.

Therefore, it is welcome news to see that the NCSC is providing guidance to consumers to ensure they are taking the necessary steps to make these devices secure. Basic cyber hygiene, such as changing default passwords and regularly updating software, can go a long way to improving device security,” Addision added.

"Connected device security stands to benefit from well-considered legislation and guidance, like these set out by the NCSC. But, while this advice is a good start, we must not fall into the trap of believing that passwords are sufficient to address identified gaps in IoT security," says Tim Callan, Senior Fellow at Sectigo.

"Unfortunately, despite the NCSC recommendations for unique, secure passwords, the password paradigm is fundamentally vulnerable to well-established techniques including phishing, social engineering, and credential stuffing. To get around these problems, manufacturers should consider Public Key Infrastructure (PKI) solutions, which can provide a more trustworthy identity for devices," he added.

ALSO READ: Government to draft new legislation to make IoT devices more secure

Copyright Lyonsdown Limited 2020

Top Articles

Malaysia Airlines flyers impacted in 9-year-long supplier data breach

Malaysia Airlines has suffered a major breach that compromised personal data records of its frequent flyer customers for over nine years.

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Related Articles