Following the revelations that a Russian website is linking to hundreds of live streams from internet-connected cameras across the UK - and thousands more around the world - many people will be worrying that their private lives and those of their children could be exposed to the world.
To help calm fears and explain how to keep using your connected cameras safely and prevent anyone else from accessing them, IBTimes UK has put together a guide to explain what is happening and what steps to take:
How is this website accessing my camera?
With the rise of the connected home, many more products around your house are connected to the internet, from expected devices like your laptop, smartphone and television to less expected products like your fridge, kettle and even your toaster.
Security cameras, baby monitors and webcams are almost by necessity also connected, meaning that if they are not secured properly anyone could potentially access them though a website or app.
What devices are affected?
According to the Russian website which is the centre of the controversy, the most popular cameras streaming unsecured content onto the web are made by Foscam, Linksys and Panasonic. There are likely others, but these are the devices which don't require a user to change the password when setting them up.
Why are we only hearing about this now?
The reason this has hit the headlines is that the Information Commissioners Office has issued a warning about the Russian websites, but as Ken Westin from Tripwire says, this is a problem that has existed for some time:
"Although this issue is currently getting a lot of attention in the media now, it is a problem that has existed for quite some time. The Russian website making these feeds public is creepy, however provides the public with visibility into what security researchers and malicious hackers have had access to for years. The silver lining of this is that people will become more aware of default settings of cameras and general security vulnerabilities in these devices."
How do hackers access my camera?
The problem is that because cameras are connected to the internet, they are accessible from apps and websites which are open to anyone.
This means that to actually access the live camera footage, a hacker only needs the correct login details (username and password) for your device.
Most of the affected cameras ship with default login details and don't force the user to change them when setting them up, and these default login details are freely available online from the manufacturers themselves.
Should I throw out my webcam and baby monitor?
No, you just need to make them more secure. For years people have been placing pieces of plaster over the webcams built into their PCs and laptops to prevent just such surveillance, but Mark James, a security specialist at ESET, has more sensible advice:
"It is down to the individual to decide where to place the camera - once placed, a decision should be made as to what is made available for online steaming. I totally understand why you would want to stream your front drive or even the alleyway providing access to the back of the house but honestly in what situation would you need to stream your children's bedroom outside of your private residence?"
How do I make my webcam and baby monitor more secure?
Because websites like the Russian one highlighted by the ICO use automated systems to find connected cameras and check if they use the default login details, simply changing your system's password will mean such automated scripts will no longer work.
As Tony Neate from Get Safe Online says:
Just like you lock the front door to your house or your car, you need to lock your online life too. If you do not use strong passwords across all devices, you are leaving yourself at risk. It's also important to use a different password for every website. If you have only one password, a criminal simply has to break it to gain access to everything.
So while changing the default password is a good first step, you really need to make sure that password is not an obvious one like your name or popular choices like "password1" or "12345".
Here are some guidelines for choosing a password and managing your accounts:
Choosing a secure password
- Make sure you password protect ALL technology including your mobile phone and tablets, as well as your computer.
- Choose a password with a combination of upper and lower case letters, numbers and keyboard symbols.
- Choose a password containing at least eight characters- longer passwords are harder for criminals to guess or break.
- Avoid using obvious passwords such as names or birthdays of people close to you or numerical passcodes or PINs that use ascending or descending number.
- Don't recycle passwords (for example password2, password3).
Looking after your password
- Never disclose your passwords to anyone else, if you think that someone else knows your password, change it immediately.
- Don't enter your password when others can see what you are typing.
- Change your passwords regularly.
- Use a different password for every website, if you have only one password, a criminal simply has to break it to gain access to everything.
- If you must write passwords down in order to remember them, make sure they are meaningless and unusable to other people by writing them in code.
- Do not send your password by email, no reputable firm will ask you to do this so alarm bells should automatically ring if you are asked.
Controlling user accounts
- Set up a different user account for each person who uses a computer, so that only they can access their files and programmes.
- Do not use an account with administrator privileges for everyday use, as malware could assume administrator rights.
- Set up an administrator account to use when you need to carry out tasks such as installing programs or changing the system configuration, and another 'standard user' account as your regular account.