Smart cameras and baby monitors can be watched by Internet criminals by default, security chiefs warn.
The National Cyber Security Center (NCSC) recommends that people change their settings after purchasing them.
Easy-to-guess default passwords could allow a hacker to secretly observe a house through connected devices, he said.
The technical director of the NCSC, dr. Ian Levy warned that while the devices were “fantastic innovations”, they were vulnerable to cyber attacks.
There are many examples of devices that can be accessed without authorization.
In one, the attacker spoke to a girl, pretending to be Santa Claus.
In another, a couple from Leeds had been seen thousands of times online without their knowledge.
And security researchers easily violated an adult toy that had a video camera attached to it in 2017.
The new guide for smart camera owners suggests three steps:
- changing the default password, which is often an obvious word like “admin” or “00000” to an unidentifiable, unique
- keeping the camera software, sometimes called firmware, up to date
- disable features that allow you to control cameras remotely, if you don’t need them or don’t use them
This warning suggests growing concern about the potential dangers posed by the “Internet of Things”.
As connected devices move into people’s homes and everyday life, cybersecurity risks are becoming intensely personal, with challenges in protecting data and people’s privacy.
The cameras that provide details of what’s going on inside the house are an excellent example.
One of the problems is that the companies that manufacture these devices often try to make them cheap and quick to catch the new market – and security is often an afterthought, if you think about it at all.
The problem is bringing not only more warnings like this, but also new laws to impose safety standards.
The consumer group Which?, Which has highlighted safety flaws in children’s toys and other smart devices in the past, supported the new advice.
He says “mandatory safety requirements and strict enforcement” are needed.
In January, the government announced plans to introduce a new law requiring all manufacturers selling smart devices in the UK to obey new rules.
The latest NCSC guidelines also recommend disabling UPnP (universal plug and play) and “port forwarding” in the settings of your Internet router, technologies often used by legitimate services such as online games.