If the thought of being the unwitting star of your own prime time reality show gives you the willies, consider the recent revelation that more than 73,000 unsecured webcams and surveillance cameras are, as I write this column, viewable on a Russian-based website. (Unfortunately, the U.S. is well represented.) In every case, victims ignored safety protocols and installed the cameras with their default login and password — admin/admin or another easy-to-guess combination findable on any number of public-facing websites. There are 256 countries listed plus one directory not sorted into country categories.
You may remember the sextortionist who hacked into Miss Teen USA’s computer camera and took compromising photographs. He tried to get money in exchange for not distributing the pictures, and got 18 months behind bars instead. That’s a bit too lenient in my book.
The Internet of Things has arrived making homes smart, fitness totally interactive and tasks infinitely easier, but the devices we buy to streamline day-to-day life create vulnerabilities that, when exploited, could bring your day to a screeching halt, and the risks are much higher if you don’t apply common sense during the setup of these password-protected devices. The rule here couldn’t be simpler: Anything that hooks into a network must be locked down.
Don’t think it will happen to you? Consider this: There are websites that list the default passwords of all kinds of devices. If you have something wireless that’s hooking up to your household router, it likely came with a pre-set password and login. And there’s a good chance, whatever the device, there’s a forum online where it’s been figured out, hacked, cracked and hijacked for all stripe of nefarious purpose.
Other common devices that are password protected should immediately come to mind here. Whether it is your household printer, your wireless router or your DVR, there are folks out there who are curious about you, not because they value you as a human being, but because they can create value from any plugged-in human — whether by fraud or extortion or (in a more old-fashioned mode) getting the information they need to rob you blind when you’re not home.
The number of people who don’t change default passwords is staggering, as evidenced by the 73,000 wide-open webcams on that Russian website. There’s a major disconnect here, and it’s specific to the Internet of Things. On the Internet proper, it seems the message has finally seeped in and people are beginning to make themselves harder targets — making sure their privacy settings are tight and their passwords are both strong and changed frequently. But when it comes the Internet of Things, there is still more learning to be done — hopefully not Miss Teen USA-style.
Breaches have crossed the Rubicam. Whether they are of the unavoidable variety or the product of carelessness, they will continue to happen apace. Now the third certainty in life, breaches have become the potholes on a bumpy road. What no one wants to deal with is the fact that the road ends abruptly — jagged concrete and rebar sticking out — and there’s nothing but air after that, and a whole lot of it, between you and the endless crimes that can be committed against you. Read more…