Seller of hijacked camera in Colorado adds extra protection

Smart home devices are now more accessible than ever, and with them the security flaws. Surveillance cameras have dropped in price, as have IoT sensors used in industrial devices, making them more affordable to the regular homeowner.

Once purchased, connected devices are linked to the home network and to each other. And all these devices we connect to our infrastructure create endless possibilities for hackers to infiltrate our homes.

The problem is not only privacy breach and data theft because the devices might not contain sensitive information, but about manufacturers’ lack of concern for security that enables hackers to create giant botnets from unsecured devices and use them to launch massive large-scale DDoS attacks.

In terms of security flaws and easy hacks, remember the Wi-Fi enabled WeMo switch, the remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera, the LIFX bulb, the pet feeder that forgot to do its job, the Ring smart doorbell, the Motorola Focus 73 outdoor home monitor, and many others. IoT devices are vulnerable because you can’t install security agents on them and they’re not designed with security in mind.

Now imagine what will happen when many devices with weak security protocols are infected with Mirai malware. One host for this virus was even a connected security camera from a laundromat in Colorado, according to the Wall Street Journal. The machine was used to spread the infection to other devices, leading to the temporary shutdown of major websites last year.

In response to the camera hijack in Colorado, Compulan Center, the company selling it as part of its Digital ID View brand and other devices like NVRs, monitors, and security electronics, stated to the Wall Street Journal that “it would add protections like randomized passwords and prominent reminders to stop customers from leaving machines open to hackers.”

The growth of IoT will probably lead to even more security challenges so patch management and security are not to be taken lightly. Users are just as responsible for updating their firmware and keeping a secure infrastructure as the manufacturers releasing the devices.