The freshly coined “Internet Of Things” is fast taking over our households. So many new devices are now connected to the internet, available to you on your smartphone or computer and able to pipe in information from outside sources. Most recently we wrote an article on how the new Hello Barbie doll that was connected to the internet had a momentary security loophole that would allow potential hackers to access the doll’s recorded conversations with a child.
The latest news in invasive home hacking is a search engine that allows people to search for unsecured webcams – nanny cams and other cameras that people set up so that they can monitor what’s going on in their house or a particular room remotely. Since many people are too lazy to set up proper security for these devices, they are vulnerable to intrusion from literally anyone with an internet connection.
Another problem, as reported by the ARSTechnica blog, is that many companies that produce webcams are going for a cheap price – since most consumers just don’t seem to care about security (“who could possibly be looking at me?”) the manufacturers of the cams just don’t put security first, if at all.
The ARS Technica blog post was quite the eye opener – as part of the story they posted several random screenshots that were obtained through the hacker search engine Shodan. Shodan is a search engine for the internet of things, creating lists of vulnerable appliances that are connected to the internet. Most recently they added a section where people could search for vulnerable webcams.
According to the blog post,
The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.
This is actually rather scary. Imagine that you’ve set up a webcam in your room to monitor your cat, but you also get dressed in that same room. Unless you’ve got some security on that camera, someone could be watching you very easily. Peeping toms could have a field day with this one.
The privacy implications are searingly obvious, yet it’s almost good in a way to shine a spotlight on the pathetic state of the security of appliances and the IoT.
It’s interesting to try to think about where the liability lies. People seem to put blind trust in IoT manufacturers, however those same manufacturers are taking advantage of customer ignorance by failing to secure their devices to help lower prices and improve their bottom line.
And the threat of IoT vulnerable devices doesn’t just stop at someone taking pictures of your sleeping dog (or baby). It’s conceivable that someone could construct a botnet harnessing those unsecured IP addresses in order to launch a DDoS attack. What’s a DDoS attack you might be wondering? Exactly. Most average people have no clue what that means, and that’s where the problem lies. What we really need are higher security standards and laws for all devices, as well as greater education for the public on what the implications are.