May 6, 2014
Kristian A. Bognaes, Director, Norman Safeground Development Center
As with last month’s blog entry, I will again start this month’s entry by talking about devices on the internet. By now, we are all well aware of the need to protect ourselves and our computers when accessing the internet. You may need to protect more than just your computers, though. Please read on.
Cloud-enabled baby monitors and cameras under attack
Camera-equipped baby monitors have been on the market for a few years. These have typically consisted of a camera with a transmitter and a portable receiver with a monitor screen. More recent and advanced models will connect to the owner’s cloud account and communicate using local WiFi access points instead of a short-range proprietary UHF link. This is very convenient, and allows parents to watch a live video stream on their smartphone or tablet. Some models even allow the parent to ‘talk back’ through the camera.
A news story in April, however, talks about how someone on the internet broke into such a baby monitor. The parents were alerted to the problem when they heard a stranger’s voice yelling in their child’s bedroom at night. It turns out that this particular camera had a security flaw which made it trivial for anyone on the internet to access the camera, move it and talk through it. A similar story hit the news in August last year, so it is clear that these devices may pose a risk if not secured correctly.
Baby monitors, general security cameras, and any other network-enabled device must be kept up to date with firmware updates to prevent exploitation by someone on the internet. In addition, wireless networks and devices must make use of network encryption (WPA2). Access points should not broadcast their SSID names and should also offer limited lease time on DHCP sessions. Incoming connections from the net should be logged and firewalled, and should be terminated by default. Only specific services should be exposed to the internet, and then only through secure connections where the service is password protected. Finally, passwords should be strong and be replaced frequently. You have to assume that any new network-enabled device comes without a password set and will have to be secured before use. Similarly, the accounts on the associated cloud services should follow the same strong password-changing scheme.
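An added example, not part of the original post: the per-device recommendations above written as a check over a home device inventory. The field names, the sample devices and the 180-day rotation interval are assumptions made for illustration; the post itself gives no figure for "frequently".

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_PASSWORD_AGE_DAYS = 180  # assumed rotation interval, not from the post

@dataclass
class Service:
    name: str
    internet_exposed: bool    # reachable from the internet
    encrypted: bool           # served over a secure connection
    password_protected: bool

@dataclass
class Device:                 # hypothetical inventory record
    name: str
    firmware_current: bool
    wifi_encryption: Optional[str]  # "WPA2", "WEP", "open"; None if wired
    password_set: bool              # False = still in factory state
    password_age_days: int
    services: List[Service] = field(default_factory=list)

def audit(device: Device) -> List[str]:
    """Return the recommendations this device fails, in checklist order."""
    findings = []
    if not device.firmware_current:
        findings.append("firmware out of date")
    if device.wifi_encryption is not None and device.wifi_encryption != "WPA2":
        findings.append(f"Wi-Fi uses {device.wifi_encryption}, not WPA2")
    if not device.password_set:
        findings.append("no password set")
    elif device.password_age_days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password older than rotation interval")
    for svc in device.services:
        if svc.internet_exposed and not (svc.encrypted and svc.password_protected):
            findings.append(f"service {svc.name} exposed without encryption and password")
    return findings

# Constructed sample inventory: cameras plus the router, as the post suggests.
INVENTORY = [
    Device("baby-monitor", False, "WPA2", False, 0,
           [Service("video", True, False, False)]),
    Device("router", True, None, True, 30, [Service("admin", False, True, True)]),
    Device("ip-camera", True, "WEP", True, 400, [Service("rtsp", True, True, True)]),
]

def audit_inventory(inventory: List[Device]) -> dict:
    return {d.name: audit(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

The SSID broadcast and DHCP lease-time settings belong to the access point itself and are not modelled here.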
Sounds complicated? It may or may not be. It is a matter of how to secure your network ‘well enough’. Make a list of the network-enabled devices you have in addition to your regular computers. Include your routers and access points. For each device, consult the user’s manual and make sure that: