|
Is someone watching you right now 
Computer/Internet/Software Articles
Submit Articles Back to Articles
ICO
issued 20 November 2014
ICO issues warning as website
targets insecure webcams
The danger of using weak
passwords has been exposed again this month after a new website was
launched that allows people to watch live footage from some of the
insecure cameras located across the world. The website, which is based
in Russia, accesses the information by using the default login
credentials, which are freely available online, for thousands of
cameras.
The footage is being collected
from security cameras used by businesses and members of the public,
ranging from CCTV networks used to keep large premises secure, down to
built-in cameras on baby monitors. And with 350,000 of these cameras
sold in the UK alone last year, this is a threat that all of us need to
be aware of and be taking action to protect against.
So what actions should you be
taking right now to make sure people aren’t able to access the
information being filmed by your device?
Change your default password
If you take only one security
step when getting any new device, make sure it’s setting a strong
password.
When you begin using your
camera you may be given a simple default password that you’ll need to
enter to get the device working. This might be blank or something as
simple as ‘password’ or ‘12345’ but, even if it isn’t, the default
passwords many manufacturers use are freely available online so make
sure you get it changed. If the device doesn’t have a password, then,
as a bare minimum, you should set one up.
When choosing your password
make sure it’s not one that can be easily guessed. Best practice is to
use a password that contains a mixture of lower and upper case numbers,
letters and characters - if you don’t; you’re potentially leaving your
information vulnerable. This isn’t as inconvenient as it might sound,
because if you are using a smart phone app to connect to the camera the
app will remember the password for you.
You can get more information
about choosing better passwords at Get
Safe Online.
Check all the available
security settings
Most camera systems come with
instructions explaining how to keep the footage you’re capturing
secure. While it’s perfectly natural for you to want to set your camera
up as quickly as possible, take time to read the manual and familiarise
yourself with the security options available to you.
The ability to access footage
remotely is both an internet cameras biggest selling point and, if not
setup correctly, potentially its biggest security weakness. Remember,
if you can access your video footage over the internet then what is
stopping someone else from doing the same?
You may think that having to
type in an obscure web address to access the footage provides some
level of protection. However, this will not protect you from the remote
software that hackers often use to scan the internet for vulnerable
devices. In some cases, insecure cameras can be identified using
nothing more than an internet search engine.
If you have a camera in your
home and have no intention of viewing the footage over the internet,
then the best thing to do is to go into the device’s security settings
and see if you can turn the remote viewing option off. Selecting this
option will not normally stop you from viewing the footage using your
home Wi-Fi network, however read the manufacturer’s instructions to see
what controls are available on your device. As a last resort, you can
always cover the lens if you don’t want to use the camera all of the
time.
Secure all of your other
devices with an internet connection
Webcams aren’t the only
devices that hackers may be able to access remotely.
Think of how much personal
information is stored on your laptop or tablet. You may have financial
information, including bank statements, health information, such as
letters from your local hospital, or other information you’d rather
keep private, for example an application for a new job.
Many programs and apps also
now upload and store your information on cloud servers rather than, or
as well as, the device’s hard drive. While there are new storage
devices, known as personal cloud servers, that sit in your home and
allow you to access the files stored on them remotely using the
internet connection in your home.
The use of the cloud and all
of these devices further increases the amount of information that’s
potentially available if you fail to take adequate steps to keep your
information secure.
You should already have a
strong password on your laptop, tablet or computer to stop a person
accessing the information on your device or on the cloud service it
uses. However, some cloud services allow you to go a step further by
offering two-step authentication.
Two-step authentication offers
you an additional layer of security when logging in to an online
service. It often works by asking you a security question, or by
sending a code to your mobile phone that you must enter during the
login process. So if you have this option turned on, your information
should still remain secure even if your password is compromised.
We all need to be aware of the
threats that exist to our personal information. However, the basic
steps covered in this blog are one’s all of us should be taking as a
matter of routine. If you don’t, then you’re leaving your information
vulnerable and no one likes being watched by a stranger.
You can find further
advice to help you
protect your personal information online and when using other
electronic devices on the ICO website.
The ICO is working with other
global data protection and privacy authorities on collaborative action
connected to the website showing unsecure webcam images, while advising
people on the steps they can take to protect their information.
Authored by ICO Group Manager
for Technology, Simon Rice
About the AuthorThe Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
legislation:
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications
Regulations
2003
- Environmental Information Regulations
2004
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2014-12-05 09:00:48 in Computer Articles All ICO Articles
|
