Do you ever get the feeling you are being watched? If you've got a webcam, you might be right.
I've been looking at live private camera feeds of cribs, bedrooms, backyards, waiting rooms, and offices, thanks to a website demonstrating how easy it is to hack into webcams.
Ostensibly the idea is to warn people of this danger, and it shows examples around the world, from Australia to Uganda, replete with maps revealing their precise location. Thousands of cameras are exposed in the United States, as well.
"Hacking" may be an exaggeration in this case, since all that the perpetrator/whistle blower did was use the default passwords for cameras from Foscam, Panasonic, Linksys, and other companies to access the live feeds. It's stunningly easy since most companies, in an effort to be helpful, put installation manuals online, manuals that make public the default passwords for their products.
What should you do? If you use a webcam, check your password. Just as you should protect your online banking with an abstruse login you should do the same with your baby monitor or security camera. Make the password a complete sentence or a mix of letters, numbers and symbols that's more than eight characters long. If not, that webcam could make for an open invitation to thieves rather than be a way to secure your home.
The webcam fiasco should also be a cautionary tale about the future of the Internet of Things and smart homes where everything from coffee pots to thermostats is connected to the Web. Even though it doesn't involve an inherent security flaw (there are enough of those already), the webcam example does remind us not to rely on others to protect our digital connections.
Several security firms have pointed out weaknesses in smart home devices like locks, sensors, and thermostats that are connected to the Internet. Indeed, I've run into security issues when installing a smart home device like a remote-controlled garage door opener or front door lock. Many of these products use an unsecured wireless connection to initially connect to a home network hub. During that admittedly brief time, someone nearby (a nosy neighbor, for example) could intercept the signal and gain access to the device. Theoretically, once you've set up a secured connection, the danger should pass. This is a possibility you should be aware of, and it should be noted that at least one security firm plans to introduce the equivalent of anti-virus software for smart home devices early next year.
Furthermore, other companies have alerted me to the fact that such devices can be the subject of surveillance activities from law enforcement. No one would supply me with specific cases, but it's an issue we're going to have to grapple with in the future.
There's also the concern that complexity breeds vulnerability. As we connect more things to each other, we give criminals more potential points of entry. Most smart home systems use a smart phone app to remotely monitor or change things like the temperature, for example. Some even allow you to remotely change the code on a door lock. So your phone needs to be secured as well, but that's probably not the case.
Lookout, the mobile security company, released a report this week on the prevalence of a piece of malware known as NotCompatible.C. It's lurking on tens of thousands of handsets, unbeknownst to the owners. The malicious software allows criminals to run spam campaigns or scalp tickets using your phone. It's difficult to detect, and it shows the extent to which one device can be used to attack hundreds of other connected products. It's not too difficult to envision similar software being used to grab passwords for your child's web cam or home security system.
Many skeptics will note that security companies stand to gain from selling products to thwart hackers and that perhaps the threat isn't that severe. That may be the case, but in the meantime, I'm watching people around the world sitting at their desks and cooking in their kitchens at home.