Owners of smart devices such as wireless security cameras and baby monitors should take extra steps to stay safe, according to advice issued today by the National Cyber Security Centre (NCSC) – the government’s advice and support organisation for cybersecurity threats.
Following a Which? report in 2019 on the cheap security cameras inviting hackers into your home, the NCSC has published guidance outlining important steps to safeguard privacy and personal data.
The NCSC advises that:
- If your camera comes with a default password, change it to a secure one. You can usually do this using the app you use to manage the device.
- Keep your camera updated. Not only does this keep your devices secure, but it often adds new features and other improvements.
- If you do not use the feature that lets you remotely access the camera from the internet, it is recommended you disable it.
Matt Warman, minister for digital at the Department for Digital, Culture, Media and Sport said: ‘We are working hard to make the UK the safest place to be online and want everyone to have confidence in their connected devices.
‘I recently announced new laws to improve the security standards of internet-connected household products which will hold companies manufacturing and selling these devices to account.
‘I urge everyone who owns a smart product to follow the NCSC guidance to make sure their device is secure.’
How Which? research exposed issues with popular smart devices
Which? research demonstrated how many wireless security cameras could be easily hacked to allow malicious parties to snoop on unsuspecting victims, control the camera remotely, and even gain access to a home wi-fi network.
The devices, many of which were produced in Shenzhen, China, were made by little-known brands that are still regularly promoted on Amazon’s bestseller page, and with Amazon’s Choice logos.
We showed how these cameras could be easily hacked to allow malicious parties to snoop on unsuspecting victims, control the camera remotely, and even gain access to a home wi-fi network.
We also worked with a security researcher to expose how more than 50,000 internet-connected cameras in use across the UK could be putting consumer security at risk.
Amazon declined to comment when we reported the issues and is still selling and promoting many of them.
Caroline Normand, Which? director of advocacy, said: ‘Which? has repeatedly exposed serious security flaws with devices, including wireless cameras and children’s toys, so mandatory security requirements and strong enforcement that ensures manufacturers, retailers and online marketplaces are held accountable for selling unsecure products is essential.
‘Until new laws are in place, it is vital that consumers research smart device purchases carefully, and follow guidance to ensure their devices are protected by strong passwords and receiving regular security updates to reduce the risk of hackers exploiting vulnerabilities.’
How new laws could help protect smart devices in the UK
The UK government has recently proposed new legislation that aims to help better safeguard consumers from unsecure smart devices in the future, and offer more transparency over usage. This proposal includes requirements that consumer smart devices sold in the UK adhere to the following requirements:
- Device passwords must be unique and not resettable to any universal factory setting.
- Manufacturers must provide a public point of contact so anyone can report a vulnerability.
- Manufacturers and retailers must state the minimum length of time for which the device will receive security updates.
However, timescales on implementation have not been ascertained. It’s also yet to be seen what impact any new legislation will have on online marketplaces, who are able to sell products from little-known companies in huge volumes to UK customers, many of which will have undergone little or no security or quality control.
We see this legislation as a critical first step towards preventing security-risk products ending up in people’s homes. It’s essential that strong enforcement is put in place, and that manufacturers, online marketplaces and retailers are held accountable.
Follow Which? advice on how to create a secure password to stay on top of this fundamental part of security in the home.