Norman Safeground Blogs

insight, opinion & information

 
 

In the news – Cloud-enabled baby monitors and cameras under attack

Kristian Bognaes

In the News – April 2014

Kristian A. Bognaes, Director, Norman Safeground Development Center

- As with last month’s blog entry, I will again start this month’s entry by talking about devices on the internet. By now, we are all well aware of the need to protect yourself and your computers when accessing the internet. You may need to protect more than just your computers, though. Please read on.

 

Cloud-enabled baby monitors and cameras under attack

Camera-equipped baby monitors have been on the market for a few years. These have typically consisted of a camera with a transmitter and a portable receiver with a monitor screen. More recent and advanced models will connect to the owner’s cloud account and communicate using local WiFi access points instead of a short-range proprietary UHF link. This is very convenient, and allows parents to watch a live video stream on their smartphone or tablet. Some models even allow the parent to ‘talk back’ through the camera.

A news story in April, however, talks about how someone on the internet broke into such a baby monitor. The parents were alerted to the problem when they heard a stranger’s voice yelling in their child’s bedroom at night. It turns out that this particular camera had a security flaw which made it trivial for anyone on the internet to access the camera, move it and talk through it. A similar story hit the news in August last year, so it is clear that these devices may pose a risk if not secured correctly.

Baby monitors, general security cameras, and any other network enabled device must be kept up-to-date with firmware updates to prevent being exploited by someone on the internet. In addition, wireless networks and –devices must make use of network encryption (WPA2). Access points should not broadcast their SSID names and should also offer limited lease-time on DHCP sessions. Incoming connections from the net should be logged, firewalled and be terminated by default. Only specific services should be exposed to the internet, and then only through secure connections where the service is password protected. Finally, passwords should be strong and be replaced frequently. You have to assume that any new network-enabled device comes without a password set and will have to be secured before use. Similarly, the accounts on the associated cloud services should follow the same strong password-changing scheme.

Sounds complicated? It may or may not be. It is a matter of how to secure your network ‘well enough’. Make a list of the network-enabled devices you have in addition to your regular computers. Include your routers and access points. For each device, consult with the user’s manual and make sure that:

  • If the device has a web-based user interface, make sure that the log-in uses a strong password.
  • Enable encryption if the device is wireless. Use WPA2.
  • Go to the manufacturer’s web site and look for updates to the firmware. The users’ manuals often describe the procedure for firmware updating.
  • Finally, always ask yourself if you really need a particular wireless network device.
  • It is a bit of work, but it is always good to have security in mind when deploying wireless devices. After all, it is no fun to be yelled at by your newly acquired baby monitor.

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 

 
Norman

The Author:

Business Bloggers

Norman Safeground Blogs Archive