UK NCSC Releases Tips on Securing Smart Security Cameras

The UK National Cyber Security Centre (NCSC) has released guidance on how to correctly set up smart security cameras and baby monitors to avoid having them hacked by attackers.

This new guidance was released because so-called smart security cameras and baby monitors can put your security and privacy at risk if not configured properly.

Such devices make it possible to watch a live camera feed over the Internet, receive activity alerts when you’re not around the house, and even record surveillance footage for reviewing later in case of any incidents.

By taking the steps detailed by the NCSC, users of such devices can avoid being the victim of threat actors looking to compromise them.

Change your devices’ default passwords

“Smart cameras (the security cameras and baby monitors used to monitor activity in and around your house) usually connect to the internet using your home Wi-Fi,” the NCSC says. “Live feeds or images from smart cameras can (in rare cases) be accessed by unauthorized users, putting your privacy at risk,” the NCSC adds.

“This is possible because smart cameras are often configured so that you can access them whilst you’re away from home.”

The most important measure you can take to secure your smart security cameras is to change your devices’ default passwords to prevent cybercriminals from gaining access via built-in default passwords seeing that many of them come with easy to guess

If not changed, criminals could access a smart security camera or a baby monitor remotely after guessing the default password and watch you or your kid via live video.

To defend against such an attack, the NCSC recommends changing the default password your device ships with to a strong passphrase-based password built from three random words you can easily remember.

The FBI also recommends using passphrases that combine several words to obtain long, easy-to-remember passwords that are also harder for an attacker to crack.

Keep security cameras up to date, disable unneeded remote view

The NCSC also advises security camera users to always update their software and, if such an option is available, to enable automatic software updates.

This would allow keeping the devices up to date at all times while not having to worry about looking for new software releases manually.

“Using the latest software will not only improve your security, it often adds new features,” the NCSC says. “Note that the software that runs your camera is sometimes referred to as firmware, so look for the words update, firmware or software within the app.”

The new guidance also recommends disabling Internet access to the smart security camera if you don’t use the feature allowing for viewing camera footage remotely.

“Note that doing this may also prevent you receiving alerts when movement is detected, and could stop the camera working with smart home devices (such as Alexa, Google Home or Siri),” the NCSC adds.

UK government plans to strengthen IoT security

This guidance was released following UK government plans for strengthening the security of internet-connected products that were outlined in late January.

The new law aims to impose the following requirements on manufacturers of Internet-enabled IoT devices:

• All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting
• Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner
• Manufacturers of consumer IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online

In related news, Ring announced the roll-out of mandatory two-factor authentication (2FA) to all user accounts to boost security cameras’ security, after a stream of incidents where attackers terrified homeowners and their children by speaking to them over their Ring devices’ speakers following a series of credential stuffing attacks targeting Ring cameras.