Other issues in this category (26)
A hacking or an open door?
Thursday, February 4, 2021
Modern technologies are designed to make people's lives easier and safer. For example, security cameras can effectively monitor the situation on streets and in staircases, apartments and offices. But what will happen if cybercriminals get access to them?
Moreover, constantly developing facial recognition technologies are offering cybercriminals even more opportunities to engage in malicious activities: for example, they can exploit them to organise total surveillance on specific people. Using these technologies, it's easy to build a route of their movements, find out which locations they frequent, their daily routine, their preferences and the passwords they use. As a result, attackers will acquire a "schematic" of people's lives and access to the services they use. After gaining access to security cameras, cybercriminals can find out shift schedules, passwords, and the habits of individual security guards—and these are already serious security flaws.
All these factors create conditions for blackmail (because at night the staff can be doing more than just monitoring their cameras) or a direct penetration.
We won't have to look very far for examples. Here is a recent case that happened in Moscow: as was reported, cybercriminals hacked 15,000 security cameras, which could have serious consequences. Another case. Cybercriminals received access to more than 50,000 home cameras belonging to ordinary people in Thailand, South Korea, Singapore and Canada. The stolen videos were then posted on the Internet. Anyone can be affected by similar situations, including teenagers: one’s private life can be destroyed in the blink of an eye, and the consequences of the psychological trauma caused by such events are difficult to predict.
But was it really a hacking? Modern digital cameras can connect to servers over the Internet without proper protection (e.g., without using secure channels) and at the same time have an IP address that is visible on the Internet. As a result, these cameras are visible even in specialised search engines, not to mention the fact that they can be detected by network scanning utilities. Anyone can find tens, or hundreds, or even thousands of cameras in such search engines. Sometimes these cameras can be connected to even without authorisation. And if an access password has been set, it could happen that security updates aren’t being downloaded. Can you regard a situation where your apartment is visible from the street through an open door as a break-in?
The Anti-virus Times recommends
Many people make the mistake of believing that no one is interested in them. This is far from certain. Even if cybercriminals using a hacked camera don't find material to blackmail you with, who would be happy to realise that someone is watching them? Forget targeted attacks against specific people; you can simply end up in a mass selection made using the services we mentioned above. After that, the criminals will decide what to do with the secrets they’ve acquired. For example, offers to sell access to hacked cameras are posted on the Darknet.
- If you've purchased a security camera, be sure to read its instructions. Immediately after buying it, install all available updates to eliminate potential security breaches. And regularly install security updates.
- Before buying a security camera, make sure that the option exists to change its factory password. Change this password (and the login, if possible) to a unique one to make it more difficult for hackers to carry out attacks.
- Close interfaces you do not use (for this, use the product documentation). For example, if you configure your device only from an internal network local computer and not via the Internet, restrict external access.
We also want to remind you that both manufacturers and users can contact Doctor Web to have their devices analysed to see if malware is present.