This is my shocked face. I mean who would have seen that coming?
But the cameras are insecure by default, which means that they are insecure forever:
Security researchers managed to access the live feeds of 40,000 internet-connected cameras worldwide and they may have only scratched the surface of what's possible....
Aside from the potential national security implications, cameras were also accessed in hotels, gyms, construction sites, retail premises, and residential areas, which the researchers said could prove useful for petty criminals.
...
"It should be obvious to everyone that leaving a camera exposed on the internet is a bad idea, and yet thousands of them are still accessible," said Bitsight in a report.
Gee, ya think?
There are two problems, both related:
- Profit margins on consumer goods are razor thin. Secure-by-default designs cost money.
- Most consumer electronics are manufactured in China. The Red Chinese* government doesn't encourage better security for devices intended to be shipped to the USA.
So if you get any of these godforsaken things, look online for how to secure them before you install them. You can get most manuals in PDF - although I expect a lot of them won't go deep into the issue. For example, I can't find a single YouTube video on how to set up a Ring doorbell securely.
Also expect to pay more for devices with better security, assuming you can find any.
There are some good ideas on IoT security here. I have posted in the past about having a separate WiFi network that is firewalled off from your home WiFi.
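Whether a separate, firewalled IoT network really isolates the cameras can be checked from the router's connection log rather than from the devices' own settings. The sketch below is an added example, not part of the original post; the subnets, the allowed gateway address and the four-field log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumed addressing plan (hypothetical values, not from the post).
IOT_NET = ipaddress.ip_network("192.168.50.0/24")   # camera / IoT WiFi
HOME_NET = ipaddress.ip_network("192.168.1.0/24")   # home WiFi
# The only address IoT devices may open connections to: their gateway (DHCP/DNS).
ALLOWED_DESTS = {ipaddress.ip_address("192.168.50.1")}

# Constructed sample log, one new connection per line: "action src dst dport".
SAMPLE_LOG = """\
ACCEPT 192.168.50.23 192.168.50.1 53
ACCEPT 192.168.50.23 203.0.113.40 443
DROP 192.168.50.23 192.168.1.10 445
ACCEPT 192.168.1.10 192.168.50.23 554
ACCEPT 192.168.50.31 192.168.1.20 80
garbage line
ACCEPT 192.168.1.10 198.51.100.7 443
"""

def audit(log_text):
    """Return (findings, skipped): connections an IoT device was allowed
    to open that break the intended isolation, plus unparseable lines."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        try:
            action, src, dst, dport = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:          # wrong field count, bad address or port
            skipped += 1
            continue
        # Only connections the firewall let through, opened by an IoT device.
        if action != "ACCEPT" or src not in IOT_NET or dst in ALLOWED_DESTS:
            continue
        if dst in HOME_NET:
            kind = "iot-to-home"     # camera reached the home WiFi
        elif dst not in IOT_NET:
            kind = "iot-to-outside"  # camera reached beyond both local networks
        else:
            continue                 # same-segment traffic, not routed
        findings.append((kind, str(src), str(dst), dport))
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = audit(SAMPLE_LOG)
    for kind, src, dst, dport in findings:
        print(f"{kind}: {src} -> {dst}:{dport}")
    print(f"{skipped} unparseable line(s) skipped")
```

Connections opened from the home network toward a camera, such as the port 554 line in the sample, are not flagged; only connections the camera itself initiates count as a leak.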
I keep getting ads for security cameras, but I won't have them. I have a dumb phone for the rare times when I need to make a call. I can't keep as private as I would like, but I think I'm less exposed than most people.
Yes, we've had that discussion. And those programmers know zip nada about security, nor do they care about it. It's NOT in their lane.
Never forget the FBI and the CIA and "Fourteen Eyes".
THIS is how THEY want it.
The obvious issue: given that these things come from Communist China where the manufacturers are required to obey orders from the Party, is there any reason to believe that a "security setting", even assuming there is one in the documentation, actually does what it claims to do? I can't see any reason to believe that. The best answer is devices without a network interface. Next option is open source, where you can inspect and replace the code. Third is wired networking where you can confidently interpose a "firewall" that blocks outgoing traffic to the Internet.
But whatever you do, don't believe CCP devices come without CCP-mandated back doors.
And don't believe that any device from a "Fourteen Eyes" country comes without "Fourteen Eyes" mandated back doors!
By the way, the reason "don't use WiFi" matters is that WiFi signals can go MUCH farther than most people think. Certainly miles, and with a bit of special equipment at the receiving end, I'm pretty sure over 10 miles is easy. The demonstrated max is over 100 miles. So a device that includes WiFi networking can send to a spy van down the street, that's why you need wired networking where such traffic can be blocked.