An ex-GCHQ spy's guide to how to protect your home devices from hackers

Last year, a family in Seattle grew alarmed when their three-year-old daughter informed them that a voice in her bedroom was saying "I love you".

"We were both downstairs working in our office here, and our daughter called out," the child's mother told KING 5, a local news channel. "She's saying, 'Mommy, mommy. The voice is talking to me.'"

The voice wasn't an imaginary friend, but a hacker who had broken into the internet-connected baby monitor in the toddler's room and begun using its speaker to broadcast his own voice.

The incident, and countless other similar hacks, have prompted governments around the world to crack down on cheap smart cameras.

This week, GCHQ released new advice urging Brits to turn off the internet features of smart cameras which it said had the "potential to be accessed by unauthorised users".

The spy agency's National Cyber Security Centre (NCSC) said while the risk was low, it recommended the public disable any features which allow camera footage to be remotely viewed over the internet - unless they are actively being used.

"Smart technology such as cameras and baby monitors are fantastic innovations with real benefits for people, but without the right security measures in place they can be vulnerable to cyber attackers," the NCSC's technical director Ian Levy said.

The advice was a sign of growing concern about the vulnerability of "smart devices" – lights, speakers and security cameras which are connected to the internet. They are now estimated to be in almost two thirds of British homes.

Even with the widespread use of such products, more than 70pc of households are said to be concerned about hackers breaking into them. As many as 50pc said they thought they could never be totally secure.

It is a concern experts say they are right to have. Smart devices can be "easy pickings for hackers", says Cath Goulding, an ex-GCHQ spy who now works for Nominet, the official UK internet domain name registry. 

Keep your devices up to date

Of course, "anything can be hacked if enough attention is applied", she says.

"Quite often in these cases, you are looking at a perfect storm: mainstream users who don't manage their security effectively and simple-to-execute attacks, such as on devices which haven't been updated in a long time".

This wouldn't just put those devices at risk, but actually the entire network itself. Once hackers have managed to break into one device, they can "pivot" and gain access to other devices on the same network. 

In today's world, many consumers may not be prepared for such an attack – but that is not to say it's too late and that their security is irreversibly compromised.

In some cases all it takes is a basic software update. 

Newer products on the market typically come with more advanced features pre-installed, including two-factor authentication, which means users can verify they are the ones accessing the system through a separate device, such as a smartphone. This more rigorous security can be made available to older devices through updates.

Change default passwords to custom-made secure phrases

Another key piece of advice is updating the passwords you use to log into smart devices to make sure that they're strong and unique.

Alan Woodward, a professor at the University of Surrey and a former GCHQ consultant, says: "If you bought a smart kettle, would you know how to change the password on it? There's no keyboard, no screen, so people think it must be secure."

"A lot of the time, they're not – and being able to get into the system, through a cloud server, and change the password to gain control of the products is key."

Earlier this year, the Government said it would be drawing up new legislation to ban default passwords in smart devices and bringing it before MPs "as soon as possible".

But, as it stands, many smart home devices share the same passwords, set by manufacturers, which, worryingly, can often be found on online databases.

"This allows attackers to go to a single database which shows all of the devices found on the internet along with their configuration details, and so people can then log in," says James Hadley, a former GCHQ employee who now runs cybersecurity training business Immersive Labs. 

"If I bought a device and then found out it couldn't be secured, so you couldn't change the password, then I probably wouldn't install it in my home."

The NCSC suggests using three different random words put together to form a strong, unique password.

Cover up any devices you're worried about

If such devices are already installed, experts suggest finding physical covers for devices such as cameras – especially in particularly sensitive spaces such as bedrooms.

If there is no other option, cameras can be blocked up with "a good old-fashioned blob of Blu Tack", Goulding says. Or devices can be unplugged to prevent any unwanted attacks.

You can choose to have a dumb home

The popularity of smart devices may be exploding, but that doesn't mean that you need to have them in your home.

Many cybersecurity experts have gone decidedly low-tech when it comes to kitting out their own homes.

"Manufacturers these days seem determined to make their devices smart, so it's actually quite difficult not to buy them," Woodward says. "I personally do not have a home hub, an Alexa or whatever in my home."

Woodward adds that he bought a television which doesn't include a camera or microphone.

Anyone looking to buy a smart device now should read reviews, to validate and verify whether a particular device has been accredited, says David Balson, now at RipJar and formerly at GCHQ.

"It's a bit of the Wild West at the moment," he says. "Most of these devices don't come with security at the forefront of their design. Or at least they have incredibly weak security hard-baked into them."

Until it becomes the law for manufacturers to have to ramp up security measures for smart home products, consumers have to take it into their own hands, and make sure what they're buying is secure. 

"At the moment, it's almost like companies are selling cars without seat-belts or a building is being built without fire escapes," Balson says.
