Within the traditionally sacred walls of our homes, we felt safe from prying eyes. Once the curtains were drawn and the doors shut, we felt we could say and do things we might not in public. But are we really alone?
The revelation that a Russian-based website is streaming live video from thousands of security cameras has demonstrated just how open our lives really are.
You might be thinking of cameras attached to the outside of warehouses or malls. But things like nanny cams and security cameras in our homes are also involved.
What’s the one thing all these cameras have in common?
When the camera’s owner configured it, they didn’t change the device’s default password.
It’s sloppy practice for manufacturers to provide such a default password. If they install a default password and then provide it to the user, it’s obviously written down somewhere that’s easily accessible. If the bad guys know the password to your system, they can gain access easily.
If you’re using a Sony camera, for example, then the default username is “admin” and the password is “admin.” Unless you change that, everyone will know it.
The same is true for all types of hardware.
Many of us have a Wi-Fi router provided by our Internet provider. Those passwords are set by the provider and aren’t default values. However, if you’ve purchased a Wi-Fi router from a store and you didn’t change the password, then that password is easily accessible to others.
It’s easy to discover the make of a router or camera when trying to connect, so this isn’t even worth calling it hacking. This is the equivalent of putting a sign over your front door with the passcode for your numerical lock.
Why does it matter if someone can access a security camera or your Internet router? What possible harm could result?
With access to your router, a criminal can insert themselves between your computer and the Internet. They can use a variety of attacks on your computer to gain access to critical information, including your bank card number and password for Internet banking.
Do you have emails you would rather not be seen by others? Security cameras in your house?
A thief could read your emails or monitor your camera to tell when you’re out of town or at work. How many of us run naked between rooms when alone in a house? And do we run the risk of being extorted as a result of the contents of our emails?
When Edward Snowden fled the U.S. for sanctuary in Russia, the tipping point that caused him to rebel against his employers (the National Security Agency) was a surveillance program the U.S. government used to log all emails from people and to periodically grab pictures from webcams (from your computer, your phone, perhaps those security cameras, too).
Snowden found it disturbing because many of the pictures were of people half dressed or in other states of regular life. None of these people were necessarily being investigated, and this was completely without authorization, warrant or cause.
What can be done?
Manufacturers could ship their products without a default password and force the user to enter one. Unfortunately, the number of passwords being set to “12345” would be high enough that we’ll still see a sizable number of breaches.
Manufacturers need to stop shipping hardware that can be reset to factory defaults from a digital connection (a few allow this) and restrict resets to a button on the hardware. But a very small percentage of the offending systems have this flaw.
So users need to be aware of the security of their belongings and their hardware. You wouldn’t leave for work with your front door wide open, so don’t leave your digital doors open. You should:
- Cover your webcams with black tape when you aren’t using them.
- Don’t give authorization for mobile apps to have access to your phone’s camera.
- Be certain to install antivirus software from a trusted vendor on your computers, tablets and phones.
- Change your passwords regularly.
These steps won’t guarantee privacy but they will increase your chances in a world full of prying eyes.
Eamonn Brosnan is a research associate with Frontier Centre for Public Policy.