* Unsecured home security cameras hijacked
* Stolen images circulate on Discord
* Everyone needs to take IoT security more seriously
In Singapore it’s not at all uncommon today for people to have IP cameras all over their homes.
And, of course, the more people who installed internet-connected cameras throughout their private residences the more you would be considered odd if you hadn’t jumped on the bandwagon, and put cameras in your living room, kitchen, bedroom, sometimes even with a view of even more private areas of your house.
It’s not as though your friends encouraged you to cam up your home with malicious intentions, but over time, it became a perfectly normal thing to do. And so more and more people in Singapore did it, believing it would be an easy way to secure the property, or monitor children, domestic workers, vulnerable relatives, and pets.
Perhaps some home owners are now reconsidering whether that was such a wise idea.
Because, as local media reports, clips stolen from more than 50,000 hacked cameras have been uploaded to pornographic websites, and X-rated footage sold to people prepared to pay a subscription fee of US $150.
As Singapore’s The New Paper describes, videos surreptitiously stolen from hacked cameras feature couples, breastfeeding mums, and even teenagers and children – with many captured in “various states of undress or compromising positions.”
A Discord group with almost 1000 members around the world claims to have shared over 3 TB worth of clips with the more than 70 people who have proven themselves prepared to pay for unfettered access.
In addition, the group claims that subscribers will receive tuition in how to “explore, watch live and even record” hacked cameras.
Others who are dragging their heels about paying up are being offered a 700MB free “sample” of stolen footage, containing some 4000 videos and photographs of unsuspecting victims, some of whom have even been filmed on the lavatory.
How would private footage from inside your home fall into the hands of hackers who then sell it on to peeping Toms online?
Well, it may be that you chose a weak password to secure your camera, or failed to change the default password used on the device in the first place. Or it may be that the camera contained vulnerabilities that have been been properly patched to keep out hackers. Or it may be that it’s the type of camera which stores its footage in the cloud, and a company has been lax about how well it has secured its online video archive of what has been going on inside your home.
With any IoT device it is essential to keep it up-to-date with the latest security patches. Always choose products that have a good history of continuing to support devices and providing security updates, and make sure to change the device’s password to something that is strong, unique and hard to crack. If the feature is available, accounts can be hardened further with multi-factor authentication and other security options to lessen the chances of a hacker successfully breaking in.
With some security cameras it may not be necessary to connect them to the internet at all, and footage could be stored locally instead. It’s worth weighing up if you believe that will offer you a higher level of security or not.
And maybe, just maybe, it’s worth considering if you need quite so many internet-connected cameras in your home, and where you feel comfortable them pointing – and where you don’t.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 19, 2024
November 14, 2024