There is perhaps no more nightmarish violation than home invasion. Your home is where you feel safe and care for your loved ones. It’s where you’re particularly vulnerable. And in the age of IoT, you open a new gateway into your home with each new connected device. Hackers know this well, and you can bet they will test the security of every one of those gates. One way we see this playing out is in webcam security – which is a growing issue. In September a white-hat hacker revealed that 15,000 webcams made by nine companies could be viewed by anyone online, and many could be manipulated remotely. What would these attacks look like? Real-life examples can be disturbing.
Webcam hack #1: The invisible kidnapper
A particularly scary webcam hack report hails from a Texas home, where a mom and dad got the creepiest surprise of their lives. They were lying in bed when they heard disturbing noises coming from their 4-month-old’s nursery — specifically, an adult male uttering expletives. When they sprang from their bed and turned on a light, they were instructed by a voice coming from the Nest camera in their bedroom to turn off the light. The male voice proceeded to tell them that he was going to kidnap their baby, and that he was in the baby’s room at that very moment.
Dashing to their baby’s room, they found the child alone. The intruder’s voice earlier had been coming through the Nest camera in the nursery. Realizing they’d been hacked, they shut down their Wi-Fi and reported the incident to Nest. The company did not offer much sympathy, however, putting the onus of the breach back on the family, citing poor or repeated passwords.
Cold though it may seem, Nest has a point. Their products do not come with default logins, so the security is entirely in the owner’s hands.
Webcam hack #2: The dubious good guy
Another even stranger webcam hacking story comes from Arizona. This one also involves a Nest camera, but no children. An Arizona man was in his backyard when he heard a strange voice coming from inside his house, which was supposed to be empty. He walked inside, following the sound of the voice, and discovered it emanating from the Nest camera he had situated at his front window.
The voice purported to be a “white hat hacker,” somebody who focuses on hacking into all security protocols in the name of finding flaws that can then be fixed. The hacker informed the resident that his info had been compromised, and proved it by reciting a password the resident used. The hacker claimed that his intent was purely to show the resident how vulnerable his security was.
Much like the case above, when Nest was alerted to the situation, the company advised the owner to change passwords and to enable two-factor authentication.
5 tips to a safer webcam
Keep control of the connected lenses in your home with these tips to stronger security.
Review and understand your security options for every device. The default settings will not always be what you want. As you set up each new device, employ the most protection you can and use that as your starting point. If you find it restricts your use of the device in any way, you can always dial back the security to a more comfortable setting.
Update the firmware and software of the device immediately as updates are available. A common reason for the updates is a security improvement.
Use strong and unique passwords for all your accounts (especially change the passwords for devices that come with default passwords, like your router, some webcams, etc.). While it can be tempting, resist the urge to use the same password across multiple accounts. Get yourself a password manager to remember all of them, and your logins suddenly become automatic and more secure at the same time.
If the device or software you are using allows two-factor authentication (2FA), enable it.
Know the telltale signs of phishing scams so you can avoid them at all costs. If a hacker assumes control of your webcam, he or she does so through a RAT, a remote access Trojan. And the RAT gets in by fooling you into downloading it through phishing tactics. The TL;DR of phishing defense is this: Be wary of any links or downloads emailed or texted to you.
Bonus tip: Every once in a while, look yourself up in a database like Avast Hack Check to see if info’s been breached from one of your accounts. If your password has been leaked in a breach, change your password immediately.
It’s almost axiomatic — the more connected devices we put in our homes, the more career hackers are going to try to crack into them. Keep the above tips in mind so you’re never caught with your pants down, as it were.