For years, I’ve been telling new parents not to buy a dedicated Internet-connected baby monitor. These $200 cameras are wastes of money, I argue, because you can accomplish the same thing with an IP camera and smartphone apps for $75 or less. What’s more, you’ll probably get better pictures and sound to boot. Clearly, given the prevalence of IP cameras in Amazon’s baby store, I’m not the only one espousing this anti-baby-industry dogma. But here’s the thing: These cameras can be terribly insecure, especially right out of the box.
And it’s not like these fears are completely unrealistic. Thanks to the ability to find cameras with tools such as Shodan, and exploit them with paint-by-numbers instruction sets, IP camera hacking is a real and growing problem. Case in point, in August a family in Texas discovered a stranger calling their 2-year-old daughter a slut via a hacked IP camera they were using as a baby monitor. If you’re using an Internet-connected camera as a baby monitor (or, hell, anything else) you’d do well to take a few extra steps to secure it.
Register your product
Sure, I’m registration-shy too. Who wants more email, or their name on more junk mailing lists? But for a camera that’s at best one step away from the always-probing Internet, registering your product means you’ll be aware of things like this firmware update from Foscam meant to address vulnerabilities that let pretty much anyone own your camera (and subsequently use it to do everything from monitor your home, to run exploits on your internal network).
Turn on your firewall
Registering your product is only going to protect you from attacks that a manufacturer knows about and cares enough about to fix — both of which can be in doubt when you’re buying a cheapo IP camera from eBay. A good firewall around your home network will provide a basic first line of defense from attackers. If you plan to expose the camera to the wider Internet so that you can monitor it remotely (possibly not the best idea, but hey) the security researchers who first exposed the Foscam vulnerability (.pdf) suggest limiting the remote IP addresses that can connect to your router, and throttling the connection rate to protect against brute force attacks.
Change your defaults
Okay, we saved the most important one for last. Just like you want to change the installer code on your home’s alarm system, or the default admin/admin login on your router (you have changed the default login on your router, right?), you also want to change the default settings on your camera’s software tools. Changing the login is an absolute must. Depending on your setup, you may want to change the port the camera uses as well.
None of this is going to make your camera totally secure from hacking. But it will make it harder to access remotely. And often making things more difficult to get into is enough to get an attacker to bypass your home for the one down the street.
Tags: Washington Navy Yard NFL Network Ozil Yosemite Fire Ultron
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.