Just over a year ago I appeared on Fox Business and wrote a blog about a Texas couple who learned their child’s baby monitor had been hacked when the intruder started screaming obscenities through the device. At the time the webcam system itself was found to have some glaring vulnerabilities, which were fixed by a firmware update, but I pointed out that the bottom line is that owners had not taken the necessary steps to secure their device and the onus was ultimately on them.
Now the news has broken about the latest in cyber espionage: a Russian website that is streaming footage from thousands of devices, including baby monitors, bedroom cameras, office surveillance systems and CCTV from gyms, in more than 250 countries, including feeds from 4,591 cameras in the United States. Not only are they streaming the footage, but they are providing the coordinates of where the cameras are located!
Great Britain has taken the lead role in pressuring Russia to take down the site, though they will be working with the Federal Trade Commission in the US to try to force the site to close if the Russian authorities fail to cooperate. Of course, neither the UK nor the US have jurisdiction in Russia, so it is simpler to warn people about the site than it is to try to take the site down.
Christopher Graham, the UK Information Commissioner minced no words when asked about the incident. “I will do what I can but don’t wait for me to have sorted this out. The action is in your own hands if you have one of these pieces of kit.”
He went on to say, “We have got to grow up about this sort of thing. These devices are very handy if you want to have remote access to make sure your child is OK, or the shop is alright, but everyone else can access that too unless you set a strong password. This isn’t just the boring old information commissioner saying ‘set a password’. This story is an illustration of what happens if you don’t do that. If you value your privacy, put in the basic security arrangements. It’s not difficult.”
Here is what Britain’s Information Commissioner’s office is advising:
1. Change your password!!!!! These hackers are taking advantage of the fact that camera users receive default passwords (which are freely available online for thousands of cameras) to get devices working — such as “1234.” You often are not prompted to change the password, so you must do it yourself!
2. Switch off the remote access to a webcam if you don’t need it.
3. As a last resort, you can always cover the lens if you don’t want to use the camera all of the time.
4. See my previous blog for even more steps. Do this right after you’ve CHANGED YOUR PASSWORD!
John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.