The NCSC has published its advice on how to setup these smart cameras safely, in order to avoid live feeds or images being accessed by unauthorised users.
This comes after a number of high profile cases. In December for example a video revealed every parent’s worse nightmare, when the video showed a hacker talking to a young girl in her bedroom in the US, via her family’s Ring camera.
The NCSC looks after the UK’s cyber defences, ever since it was founded four years ago.
But now it is issuing advice for consumers, with some advice about smart cameras.
“Live feeds or images from smart cameras can (in rare cases) be accessed by unauthorised users, putting your privacy at risk,” it said. “This is possible because smart cameras are often configured so that you can access them whilst you’re away from home.”
“The problem arises because some cameras are shipped with the default password set by the manufacturer, which is often easy to guess (such as password or 00000),” the NCSC warned. “Cyber criminals can use these well-known passwords (or other techniques) to access the camera remotely, and view live video or images in your home.
It advised householders to change the default device password to a secure one, and avoid the most commonly used passwords. See our article for password tips.
It also advised homeowners to “keep your camera secure by regularly updating it, and if available switch on the option to install software updates automatically so you don’t have to think about it.”
The NCSC also said that if a user does not need the feature that lets them remotely view camera footage via the internet, it recommend disable it completely.
But the GCHQ division also went further as it also urged consumers to check their router settings.
“Many routers use technologies called UPnP and port forwarding to allow devices to find other devices within your network,” said the NCSC. “Unfortunately, cyber criminals can exploit these technologies to potentially access devices on your network, such as smart cameras. To avoid this risk you should consider disabling UPnP and port forwarding on your router – check your router’s manual or the manufacturer’s website for details about how to do this.”
Also see: How to Secure Your UK Home Wi-Fi
Lack of manufacturer responsibility
One security expert said that manufacturers do also have some responsibility on making their smart cameras more secure.
“IoT breaches are on the rise,” explained Will LaSala, senior director of global solutions at security and anti-fraud specialist OneSpan.
“Devices are being developed and integrated into society at such speed that users are often not aware of the security holes they can possess,” said LaSala. “Originally, devices such as smart cameras and baby monitors were intended to increase safety and security, but they are now bringing unwanted visitors into peoples’ homes virtually.”
“Vendors who manufacture these IoT devices still have a long way to go to make their products fully secure and protect users from incidents like this,” said LaSala. “Quick fixes in the way of SMS authentication are often added, but this simple protocol has been hacked previously in the banking industry and any other industry where it’s been deployed.”
“Security should be built directly into IoT vendors’ platforms, as well as into third-party home routers and networking equipment to really start to reduce these breaches,” he said. “Customers should also ask their IoT vendors the difficult questions of how and when they plan to properly protect their users to hold them to account.”
Opinion: It always best to change the default passwords on any devices that contain simple, easy to remember passwords, if they are easy for you then they are easy for hackers to attack.