Information Commissioner's Office
|Printable version||E-mail this to a friend|
UK families still at risk from baby monitor hacking style attacks
Lessons have not been learned from the realisation that a Russian website was providing links to access baby monitor cameras, says the UK’s data protection watchdog.
The launch of a website that allowed people to watch footage from insecure cameras around the world prompted a warning from the Information Commissioner’s Office (ICO) in 2014.
But the regulator has recently warned many people are still not ensuring the security of their connected devices. This means Internet of Things (IoT) products such as baby monitors, music systems and photo or document storage which can be accessed online are at risk of revealing your personal details to other people.
Simon Rice, ICO Group Manager for Technology, said in a blog published recenty:
“The public must act to protect themselves and their families when using these devices.
“If they don’t they could find their personal files easily accessible by popular search engines, casual browsing or more determined attackers. If you wouldn’t leave your house unlocked then make sure your digital home is equally secure.”
A lack of security when it comes to IoT devices could mean that a search engine is used by criminals to locate vulnerable devices and then gain access to them or others on your home network. An attacker could then use your equipment to mount attacks on others or take your personal data to commit identity fraud.
Dr Rice said:
“Connected devices which monitor and communicate around our homes, cars and physical activities can offer many benefits but individuals must take steps to ensure they remain in control of their personal data when using them.
“Always remember to consider: If you can access your services from outside of the home, what security measures are in place to stop others from doing the same? Setting a strong and unique password is a crucial first step in network security.”
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go toico.org.uk/concerns/
Latest News from
Information Commissioner's Office
ICO statement in relation to the potential risk to patient medical records held by GPs on TPP SystmOne21/03/2017 16:20:00
ICO has yesterday given a statement in relation to the potential risk to patient medical records held by GPs on TPP SystmOne.
Information Governance Survey: What councils need to do now21/03/2017 14:10:00
Blog posted by: Anulka Clarke, ICO Head of Good Practice, March 20, 2017.
Council fined for leaving sensitive files in cabinet sent to second hand shop21/03/2017 10:05:00
A county council which left files that included sensitive information about children in a cabinet sent to a second hand shop has been fined £60,000 by the Information Commissioner’s Office (ICO).
ICO survey shows many councils have work to do to prepare for new data protection law20/03/2017 16:05:00
Local councils are being offered advice from the data protection regulator ahead of a new law coming into force next year.