National Cyber Security Centre
Consumers urged to secure internet connected cameras
Advice has been published by the NCSC for consumers to help secure internet connected cameras.
- Insecure settings can leave cameras vulnerable to attack by cyber criminals
- Consumers encouraged to change default passwords and regularly update security software
- Action from the NCSC is supported by consumer group Which?
Owners of smart cameras and baby monitors in the home are being urged to take three steps to protect their devices from cyber criminals.
With the continuing growth in popularity of these smart devices, the National Cyber Security Centre (NCSC) has produced security guidance for users of this technology to help ensure it is used safely.
The move is supported by consumer group Which?, which has previously raised concerns about security flaws in connected cameras.
Though the risk is very low, live feeds or images from smart cameras have the potential to be accessed by unauthorised users. The National Cyber Security Centre, a part of GCHQ, has published guidance including three steps consumers can follow to help keep their devices safe:
- If your camera comes with a default password, change it to a secure one – connecting three random words which you’ll remember is a good way to do this. You can usually change your password using the app you use to manage the device.
- Keep your camera secure by regularly updating security software. Not only does this keep your devices secure, but often adds new features and other improvements.
- If you do not use the feature that lets you remotely access the camera from the internet, it is recommended you disable it.
Dr Ian Levy, NCSC Technical Director, yesterday said:
“Smart technology such as cameras and baby monitors are fantastic innovations with real benefits for people, but without the right security measures in place they can be vulnerable to cyber attackers.
“We want people to continue using these devices safely, which is why we have produced new guidance setting out steps for people to take such as changing passwords.
“These are practical measures which we can all take to help us get the most out of our home-based technology in a safe way.”
Digital Infrastructure Minister Matt Warman yesterday said:
“We are working hard to make the UK the safest place to be online and want everyone to have confidence in their connected devices.
“I recently announced new laws to improve the security standards of internet-connected household products which will hold companies manufacturing and selling these devices to account.
"I urge everyone who owns a smart product to follow the NCSC guidance to make sure their device is secure.”
Caroline Normand, Which? Director of Advocacy, yesterday said:
"Which? has repeatedly exposed serious security flaws with devices including wireless cameras and children's toys, so mandatory security requirements and strong enforcement that ensures manufacturers, retailers and online marketplaces are held accountable for selling unsecure products is essential.
"Until new laws are in place, it is vital that consumers research smart device purchases carefully, and follow guidance to ensure their devices are protected by strong passwords and receiving regular security updates to reduce the risk of hackers exploiting vulnerabilities."
In future, new laws will ensure consumer smart devices sold in the UK adhere to three rigorous security requirements. These are:
- Device passwords must be unique and not resettable to any universal factory setting;
- Manufacturers must provide a public point of contact so anyone can report a vulnerability, and
- Manufacturers & retailers must state the minimum length of time for which the device will receive security updates.
The drive to improve the security of internet-connected consumer products is part of the Government’s five year National Cyber Security Strategy, which is backed with £1.9 billion investment and aims to make the UK the safest place to live and work online.
Latest News from
National Cyber Security Centre
School staff offered training to help shore up cyber defences21/04/2021 15:25:00
New cyber security training resource for the schools sector to improve cyber resilience.
Advice on Pulse Connect Secure RCE Vulnerability21/04/2021 14:15:00
Advice for UK organisations using Pulse Connect Secure (PCS) VPN appliances.
UK and US call out Russia for SolarWinds compromise16/04/2021 10:10:10
Russia’s Foreign Intelligence Service (SVR) responsible for intrusion of global software supplier.
Security updates released for Microsoft Exchange Servers14/04/2021 10:20:00
The NCSC is encouraging organisations to install critical updates following a number of vulnerabilities being addressed in Microsoft Exchange.
GCHQ reflects on the passing of His Royal Highness The Prince Philip, The Duke of Edinburgh13/04/2021 11:10:00
GCHQ and the NCSC reflect on the passing of HRH The Duke of Edinburgh.
Paws-word change recommended on National Pet Day09/04/2021 14:15:00
Ahead of National Pet Day, the NCSC is encouraging people to use three random words for passwords rather than the names of their pets.
More Master's degrees at UK universities recognised by cyber security experts09/04/2021 11:15:00
Ten universities around the UK have received official recognition for their postgraduate degrees in cyber security.
CYBERUK: flagship event set to take place in fully digital format02/04/2021 10:15:00
UK government’s cyber security event to be held virtually on 11-12 May giving the widest audience chance to participate.