Home security cameras have recently fielded a spate of attacks affecting users across the U.S.; a particularly frightening recent news story describes how a Ring camera installed in a child’s bedroom was hacked and used to scare the eight-year-old girl. The hackers were able to watch the child through the camera and use the microphone to speak to the child.
According to the Washington Post’s Allison Chiu, “Several Ring users nationwide have reported that their security systems were also infiltrated by hackers who harassed them through the camera’s two-way talk function.”
It is widely known that IoT devices are lacking in security and vulnerable to cyber risk and hacking. With the technology market moving at a rapid pace, companies are often in a hurry to get their products out of the door and into market before their competitors, or before new technological advancements render their product obsolete. However, some experts believe the growing spotlight on the inadequate security in IoT devices will force companies to build devices with security in mind.
“IoT device makers and deployers of connected devices will put plans in place to upgrade the capabilities they offer to ensure secure IoT systems,” said Charlene Marini, VP of strategy, IoT Services, Arm, in IoT World Today.
Unfortunately, this is not today’s reality, and this means security is still at the bottom of the list of features. With a constantly evolving product range, there is no time or desire to develop patches even once vulnerabilities are identified. The device in this story was made by Ring, a well-known brand owned by Amazon, who state that they ‘take the security of our devices seriously’ and provide options, such as 2FA to help users secure their devices.
In fact, according to CNET’s Laura Hautala, “Robust passwords and two-factor authentication are the minimum for decent security these days. But smart home companies can do more to protect users from these types of attacks. One easy fix: Companies could require -- rather than simply recommend -- that consumers use two-factor authentication when they log in.”
Minimizing Cyber Risk for Children
Children are interacting with technology from an earlier age, and as such are becoming exposed to more risks from the devices they choose to interact with or have within the home environment, such as the IoT security camera mentioned above. Having said that, there are steps that can be taken to reduce the risk posed by technology within the home:
One of the primary issues with IoT devices is that they are often shipped with default credentials, i.e. password = password. Consumers must ensure they change default passwords.
This also goes for routers; consumers should secure the perimeter of home networks. Another common issue is password reuse; it’s critical to use a unique password for every account to stop hackers being able to reuse leaked or stolen passwords from other services. Like CNET suggests, use 2FA where possible – the Ring device that was hacked had that option.
Act as the security team for children. Many children have their own mobile devices and laptops, or at least have access to them, so teaching children the basics of cybersecurity awareness is vitally important – your children will probably know about and start using the latest cool app or tech product before you do.
Think like a security team. There are many tools that can be used to restrict unsuitable website categories, for example, app stores can be password-protected on mobile devices. Adults can review and research apps their children may want to download to ensure they are genuine and appropriate – there are tens of thousands of fake apps that could install spyware or malware on their mobile device.
Another category to consider is hackable toys; according to BBC.com, “A walkie talkie toy and two karaoke devices have been found to be potentially hackable, consumer group Which? has claimed,” which widens the attack surface and makes children’s toys more susceptible to cyber risk. In this case, the walkie talkie Bluetooth connection could easily be hacked, allowing strangers to talk to children.
These examples highlight the need to extend the classic ‘stranger danger’ talk, to include people that children may communicate with, not just via chat rooms and apps, but potentially on any device. Watch this space for a full assessment on cyber risk and cybersecurity for the vulnerable!
Want more great articles like this?Subscribe to our blog.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly