Lessons have not been learned from the realisation that a Russian website was providing links to access baby monitor cameras, says the UK’s data protection watchdog.
The launch of a website that allowed people to watch footage from insecure cameras prompted a warning from the Information Commissioner’s Office (ICO) in 2014. The regulator has again warned that many people are still not ensuring the security of their connected devices. This means Internet of Things (IoT) products such as baby monitors, music systems and photo or document storage which can be accessed online are at risk of revealing your personal details to other people.
Simon Rice, ICO Group Manager for Technology, said in a blog that the public must act to protect themselves and their families when using these devices. “If they don’t they could find their personal files easily accessible by popular search engines, casual browsing or more determined attackers. If you wouldn’t leave your house unlocked then make sure your digital home is equally secure.”
A lack of security when it comes to IoT devices could mean that a search engine is used by criminals to locate vulnerable devices and then gain access to them or others on your home network, the ICO warns.
Dr Rice said: “Connected devices which monitor and communicate around our homes, cars and physical activities can offer many benefits but individuals must take steps to ensure they remain in control of their personal data when using them. Always remember to consider: If you can access your services from outside of the home, what security measures are in place to stop others from doing the same? Setting a strong and unique password is a crucial first step in network security.”
Comment
As consumer based IoT products find their way into our enterprise networks, we must continue to be diligent, says Deral Heiland, Research Lead, at the It security and analytics product firm Rapid7. “Simple IoT technology solutions, such as lighting automation, can easily be overlooked as a risk. But as shown in my recent IoT research project even enterprise IoT lighting solution can suffer from a number of vulnerabilities. If these issues go unchecked they can lead to increased risk for any organisations that deploy them such as unauthorised access to a corporate and home network when technology is compromised, and the extraction of data that can further compromise IoT systems, internal networks and authenticated user host systems attached to the IoT solutions.
“That does not mean we should avoid leveraging these new automation technologies, but does show that we need to build better policy around managing the risk and develop processes on how to deploy these technologies in a manner that does not add any unnecessary risk.”
