Sign up to our newsletter
Many homes have not one but several cameras aimed inside the home – and that’s not including the ones inside smartphones and tablets.
As baby monitors and surveillance cameras have boomed in popularity, so have the risks – as highlighted by a Russian site showing off feeds from thousands of unsecured cameras.
As such gadgets have got cheaper, manufacturers have cut corners – and that means if you don’t pay attention, you could be at risk.
Our tips for webcam security are below.
There have been several cases where cybercriminals have been able to access video feeds from baby monitors – or worse.
Last year, one shocking case saw a baby monitor company penalized in the US for a webcam security system so weak that a hacker was able to spy on and insult a baby via the camera, from far away.
There is no magic bullet for webcam security when it comes to baby monitors (if your home network is compromised, for instance) – but it pays to spend a little more, according to Consumer Reports.
Generally speaking, baby monitors which connect to your Wi-Fi network are more secure, rather than ones which use a bespoke radio connection – these are more expensive, but for security-conscious parents, probably worth the extra.
The ‘open door’ which can allow cybercriminals to control webcams is firmware which has not been properly updated – so ensure yours is.
The easiest way to do this is to register your camera with the manufacturer.
ESET security expert Stephen Cobb says, ‘The most important thing for webcam security is to register your camera.
‘Follow the advice on the packaging.’
Speaking to Popular Mechanics, Cobb says that unless cameras are registered, the manufacturers will find it hard to locate and push firmware updates to the camera – leaving users insecure.
Any camera which connects directly to the internet – and this will include most models of home or commercial surveillance and security camera, plus baby monitors – should be treated with extra care.
Specifically, you should not use the device without changing the password. It can be easy to ignore this step, as most will have a default password which is there to make the set-up process easier.
ESET Security Specialist Mark James says that the URL used to log in to such cameras, and the default password will be easily found online – and these facts will be known to cybercriminals.
James says, “Education is the key point here, the end user needs to be fully aware that a default password exists and easy instructions on how to change it.”
“Of course a complex password is best using a mixture of upper and lower case letters, numbers and characters – but anything is better than the default password… anything!”
Webcams are not a piece of hardware to skimp on – many of the scandals involving unsecured webcams have involved cheaper brands, or old, outdated hardware.
ESET security expert Stephen Cobb suggests that reading reviews is crucial – and visiting forums and searching Google News to check for reports of hacking is a good follow-up step.
Attacks against PC webcams will mostly use phishing and other recognizable cybercrime techniques – Dark Reading points out that camjackers usually rely on phishing attacks to install the tools (such as remote-access tools, or RATs) that they rely on.
Malware known as RATs (Remote Access Tools) allows criminals to look through the webcams of compromised PCs – and a repellent class of criminal known as ‘Ratters’ sells access to these via unpleasant sites on the internet.
Make sure your antivirus software is up-to-date, and ensure that other software such as your OS is, too.
Be aware that some malware can make webcams operate without their lights going on – so scan your computer regularly.
For PC webcams, the most basic tactics are the most effective – unplug them if you can, or if not stick a piece of tape over the lens.
Many modern models come with a ‘privacy shield’ to block the lens – if you have one, use it when the camera isn’t in use.
Where possible, disable remote viewing on web-connected devices. For CCTV cameras, remote viewing is an essential – it gives you peace of mind to be able to see into your home. But for other devices, such as baby monitors, it’s not: you are in the home with your baby, so you have no need for the footage to be available via the internet.
You will be able to disable this via the settings menu – and it’s a good idea to do do so straight away. Hackers will use specialist search tools to find connected devices, and if they’re not protected by passwords, your baby will be at their mercy.
Simon Rice of Britain’s Information Commissioner’s Office says, ‘The ability to access footage remotely is both an internet cameras biggest selling point and, if not setup correctly, potentially its biggest security weakness. Remember, if you can access your video footage over the internet then what is stopping someone else from doing the same?’
Security researchers have shown off attacks where cameras on Smart TVs can be accessed via the internet – and some forms of malware can allow crooks to look through your PC webcam.
If you’re not using it, switch it off. If it’s built in to the gadget, put a piece of tape over the lens when it is not in use.
If you are using surveillance or security cameras, don’t point them at anything which could give away details about your identity or your location.
This information is valuable.
Think about where you’re pointing your cameras.
The point of security cameras is to give you peace of mind – so point them at entrances to your house, rather than giving someone a view of the goods and people in there.
Author Rob Waugh, We Live Security