NCSC Issues Warning About Smart Camera, Baby Monitors

Internet of things security. ‘Smart’ security camera including baby monitors, need to be properly setup to avoid issues, warns NCSC

The National Cyber Security Centre (NCSC), part of the UK intelligence agency GCHQ, has warned about the dangers posed by ‘smart’ security cameras, including baby monitors.

The NCSC has published its advice on how best to setup these smart cameras, in order to avoid live feeds or images being accessed by unauthorised users.

This comes after a number of high profile cases. In December for example a video revealed every parent’s worse nightmare, when the video showed a hacker talking to a young girl in her bedroom in the United States, via her family’s Ring camera.


Smart cameras

The NCSC is charged with overseeing the UK’s cyber defences, ever since it was founded back in 2016. In October last year the NCSC warned that Russia, China, Iran and North Korea pose ‘strategic national security threats to the UK.

But now it is issuing advice for consumers, with some advice about smart cameras.

“Live feeds or images from smart cameras can (in rare cases) be accessed by unauthorised users, putting your privacy at risk,” it said. “This is possible because smart cameras are often configured so that you can access them whilst you’re away from home.”

“The problem arises because some cameras are shipped with the default password set by the manufacturer, which is often well-known or guessable (such as admin or 00000),” the NCSC warned. “Cyber criminals can use these well-known passwords (or other techniques) to access the camera remotely, and view live video or images in your home.

It advised householders to change the default device password to a secure one, and avoid the most commonly used passwords.

It also advised homeowners to “keep your camera secure by regularly updating it, and if available switch on the option to install software updates automatically so you don’t have to think about it.”

The NCSC also said that if a user does not need the feature that lets them remotely view camera footage via the internet, it recommend disabling it altogether.

But the GCHQ division also went further as it also urged consumers to check their router settings.

“Many routers use technologies called UPnP and port forwarding to allow devices to find other devices within your network,” said the NCSC. “Unfortunately, cyber criminals can exploit these technologies to potentially access devices on your network, such as smart cameras. To avoid this risk you should consider disabling UPnP and port forwarding on your router – check your router’s manual or the manufacturer’s website for details about how to do this.”

Manufacturer responsibility

One security expert said that manufacturers do also have some responsibility on making their smart cameras more secure.

“IoT breaches are on the rise,” explained Will LaSala, senior director of global solutions at security and anti-fraud specialist OneSpan.

“Devices are being developed and integrated into society at such speed that users are often not aware of the security holes they can possess,” said LaSala. “Originally, devices such as smart cameras and baby monitors were intended to increase safety and security, but they are now bringing unwanted visitors into peoples’ homes virtually.”

“Vendors who manufacture these IoT devices still have a long way to go to make their products fully secure and protect users from incidents like this,” said LaSala. “Quick fixes in the way of SMS authentication are often added, but this simple protocol has been hacked previously in the banking industry and any other industry where it’s been deployed.”

“Security should be built directly into IoT vendors’ platforms, as well as into third-party home routers and networking equipment to really start to reduce these breaches,” he said. “Customers should also ask their IoT vendors the difficult questions of how and when they plan to properly protect their users to hold them to account.”

Do you know all about security? Try our quiz!