GCHQ's infosec arm has 3 simple tips to secure those insecure smart home gadgets Britain's National Cyber Security Centre (NCSC) wants owners of baby monitors and smart CCTV cameras to take some basic security precautions. The GCHQ-owned infosec arm of government today published what it hopes is simple guidance that can be followed by ordinary people who haven't got time to immerse themselves in the …
A Hammer or better still an Angle Grinder would be more effective.
Amen. I don't understand why people are so interested in internet connected devices. My baby monitor was essentially a one way walkie-talkie and it was enough. I could see getting a keypad lock if I still had kids at home but I wouldn't let anyone else in the house when I'm not there so, again, no need for internet. I don't have a problem walking to a light switch. And my programmable appliances are as smart as I need or want.
Honestly, there are actually some good uses for this stuff.
My sister uses cams for home security, and to watch the cats, allowing them to check up on them, and make sure that they haven't gotten into the food cupboard (again... They've managed to bypass the lock when not set properly, and rip into the boxes and food pouches a couple of times now.)
She bought my Father a set of cameras for Christmas this year, and only two nights ago, they caught and alerted us to someone getting into the back garden.
I've given my share of warnings about updates, passwords and access as the family tech guy, up to the point where it goes from good advice to being annoying, so not going to push it further. Hopefully it's sufficient.
Go one better and use www.what3words.com to generate them. Choose a place that you know (not your home front door) and swap the words around. There is a pretty good password.
I tried it recently with
Ironclad, Patio, Sunbathing
plus some numbers where needed.
But it was a huge "disappointment".
I ended going with [redacted],[redacted],[redacted] instead.
For a baby monitor, physical access isn't an issue. (If you are able to get to the monitor, you can probably get to the baby.) So you don't have to remember a ludicrous password, you can write it on the thing.
This actually applies to most household gadgets; the threat is online hackers, not offline thieves, who will just steal it and factory reset it anyway.
Obviously not many people on here have had children. When you are a first time parent, it is a big thing to go out and leave your baby in the hands of a baby sitter. No matter how much you think you wouldn't be worried or feel guilty before being in that situation, you do, you really do. Being able to just check the baby is OK when you are out, is a massive reassurance, and is a small step towards getting some sort of life back.
I bought a cheap Chinese WiFi camera, with an abysmally insecure remote server and app, but disabled UPnP on the router and firewalled it from making any external connections. Instead I used a early Raspberry Pi to provide an SSH tunnel to the camera, with key authentication only. Now I use Raspberry Pi cameras and OpenVPN for remote access, the kids are older and we don't feel the need to check on them in the same way, it's more to give the baby sitter a ring to tell them to start tidying up before we get home!
Speak for yourself. We've never used a babysitter and never will. When you have a kid you know what you're signing up for. If you still want the carefree lifestyle of going out when you want then please DONT have children. They're not a pet, they're the biggest responsibility you'll ever have and leaving them in the hands of a minimum wage stranger is NOT responsible (leaving them with family is another matter obv).
1.) Even the best parents need to get out sometimes and we no longer can always rely on granny/aunty as once we would have.
2) Babysitter doesn't have to mean paid employee. Could mean responsible local teenager who wants to earn a few quid and have somewhere quiet to do a bit of homework, or watch TV without the siblings around etc.
3.) The kids need to learn that mummy and daddy can be away from them. Otherwise separation anxiety ensues later. Helicopter parents do no good for their kids.
3.) The kids need to learn that mummy and daddy can be away from them. Otherwise separation anxiety ensues later. Helicopter parents do no good for their kids.The reverse is also true, that is, parents have to get over separation anxiety from their children. Which having a remotely accessible monitor isn't going to do.
Leave a "local teenager" in charge of a small child? Seriously??
And its nothing to do with being a helicopter parent - its simply putting your kids welfare before your own. You have plenty of free time when they're at nursery or at school, you can always take a day off work to enjoy yourself. Dumping a child with a babysitter is no different to dumping them at boarding school when they're older - its for parents who like the idea of having children but not the reality.
"Leave a "local teenager" in charge of a small child? Seriously??"
Believe it or not, but this was the standard way many of us were brought up. Living in a small village there was no chance of a 'professional babysitter' (if such a person even existed), so my folks hired one of the local kids who was a few years older than us and theoretically trustworthy.
Some years later, when I was a teen, I was contracted out to sit in someone else's house and tell their kids to go to bed or I'd tell on them to their parents.
This was between the early 80's and mid 90's by the way, perhaps it's different now.
I think that's everything to do with being a helicopter parent.
But helicopter parents probably don't see themselves as being that. They are.
False comparisons (boarding school) don't change that. And on El Reg we're well versed in handling that kind of false logic.
Its nothing to do with helicopter parents, why not look up the definition. Its everything to do with Generation Me Me Me (ie millenials) being too lazy to take responsibility for their offspring and still want to live the carefree single life.
First I'm not a millennial by a long way, although my wife qualifies. Secondly, the first few times we both went out together after having a baby, were to Council meetings, as we were both elected councillors at the time and attendance was mandatory. So it's not all about abandoning the baby to have fun.
Nonsense. My generation ( my kids are now in their 20s) used baby sitters. Grandparents where possible, aunts, cousins or neighbours kids mostly, if not. Some had paid baby sitters, it wasn't that unusual.
As did my parents generation, half a century or more ago. The Babysitter was a thing.
Wrong. And in fact there's a whole issue about dog owners who are never there for their pet and leave it to professional dog walkers to manage during the day. You see them in the parks with a whole bunch of dogs on leads. These are even companies sometimes with liveried vans,
Your experience is far from the usual.
I was a teacher. Of course I blame the parents.
When a five year old comes into school swearing it's not the kid's fault.
When parents start fighting outside the school gate.
Leave their kids outside the pub door (once I saw that when it was the pub behind the school I did work in ffs)
When kids can barely string two words together and I see the parents walking along or sitting on the bus on their phones instead of speaking to their kids.
And so on and so on.
It's an endless list.
"Obviously not many people on here have had children. "
2 kids, one of those had a heart condition, occasional fits and breathing isdues. However one of the joys of going out is NOT "having" to constantly fret all the time. As someone said above, getting you life back is NOT being a helicopter parent and both you and your kids learning to be apart.
Joe and Josephine Bloggs are more interested in 'Ooh shiny!' and not having to get off their arses to check on the sprogs or dim the lights when their fave' reality show comes on t' telly.
Three random words are likely to be the kids names plus that of the budgie and usually visible all over their social media accounts.
or I would have suggested that the "Keep your camera secure by regularly updating security software." be simplified by removing the word "security", as in "Keep your camera secure by regularly updating the software." Not every Brian Blessed can tell the difference.
Oh, hi guys! Long time no see. Keep up the good work.
AC for good security practice ;-)
This advice worries me. Normally I'm all for updating software. But some of this IoT kit gets updated in order to make it worse - and more dependent on the vendor's servers. Or even to disable various abilities, in order to make you sign up for some other service, agree to new Ts&Cs or whatever.
I suppose in general I'm still with them on update your software. It's just another reason why this stuff worries me.
This post has been deleted by its author
It is a big mistake to assume that the update will work better than the old firmware. Very, very often a "new feature" (that you will never use) has borked something that you *do* use, and/or opened a huge security hole that wasn't there before. Even security updates occasionally substitute one vulnerability for an even bigger one.
I do agree with changing the password, though for me it is usually so that I can remember the password rather than having to look up the default. Because there is not always any risk from hackers - it depends where and how the hardware is used. If someone hacks the feed from the camera I use to remotely monitor a 3D printer, or my neighbour's camera that she uses to check the level of seeds in her garden bird feeder for example, that's not too serious. But where it would indeed be highly undesirable for anyone else to gain access, changing the password is as basic as changing the combination on a new padlock so that it is not the default 0-0-0-0
I really don't understand people who put cameras in every room of the house, including bedrooms and bathrooms. I believe you have to *assume* that any Internet-connected camera stream can be intercepted by any man+dog no matter what company made the kit or what security measures you have adopted. If you must put a camera in the bathroom, at least provide a lens cap that can be fitted whenever the bathroom is occupied. (And check that the lens cap works - some types of black plastic are transparent to long wavelength light and the camera will happily switch to IR mode and supply a B&W image with the cap fitted).
And Sony classically on the PS3 where an update removed Linux capability.
And Sonos (though maybe they backed down a bit?) where they are making older speakers incompatible with newer ones.
And Google/Nest where they bricked older devices.
And Apple with their iPhone-throttling iOS updates.
And the list goes on.
my neighbour's camera that she uses to check the level of seeds in her garden bird feeder
TBH most people probably wouldn't buy tech for that kind of low level use. The 3d printer possibly, but that's a very techie thing to start with.- and presumably all the setting up, bar the actual camera, is in place.
"GCHQ's infosec arm has 3 simple tips to secure those insecure smart home gadgets"
1. Unplug it
2. Hit it several times with a hammer
3. Take it to the recycling depot
OK, OK, I kid (kinda). I actually have robot door locks and a robot garage door opener now! Never thought the day would come. On the one hand, I'm sure someone sufficiently dedicated could hack them over the internet while wearing a hoody and mumbling "I'M IN". On the other hand, I eventually decided, someone sufficiently dedicated could also just chuck a rock through the large window that's right next to the door, and being able to check whether I remembered to lock the damn door when I'm ten minutes down the road (and open the garage door without remembering to take the annoyingly chunky remote out with me) does turn out to be handy...
So the NCSC has just caught on to this - brilliant! Insecam (over 5 years) and shodan (over 10 years) have only been highlighting this graphically (literally graphically) for ages.
But of course this is the official security advice agency that recently turned its entire web site into a javascript app. Not even the landing page can be read with scripting disabled. "Good thinking Batman", javascript being the primary vector for almost all drive by infections.
.......so here we have the fox giving the chickens in the hen house some "useful advice"!!!!
*
Does the word "misdirection" come to mind?
*
Perhaps Dr Ian Levy would be MUCH more helpful to us chickens if he could tell us something (anything!) about what actually goes on in Cheltenham.
When you buy something that is phoning home at every opportunity, a lot of what you might do elsewhere in your home gets tossed in the garbage.
https://www.bbc.co.uk/news/technology-51709247
Ring doorbells with connected cameras log every action the bell does AND every action you make with the App. All gets sent to the mothership and added to your history profile so that Amazon can flog you more useless tat that you more than likely do not need and may even have to buy on the never-never.
Isn't progress wonderful...
"If your camera comes with a default password, change it to a secure one" => Require all IoTat devices to not have a default password, rather one that the user has to enter before it can be used. And reject any easily-hackable passwords.
"Keep your camera secure by regularly updating security software" => Require all IoTat devices to update themselves automatically and make manufacturers financially liable for security breaches in the way that they would be liable if a the device electrocuted someone.
"If you do not use the feature that lets you remotely access the camera from the internet, it is recommended you disable it" => Require all IoTat devices to have this feature switched off and only allow it to be enabled if a strong password has been assigned by the user (and maybe mandate 2FA as well).
FTFY
13N11YCh1AId0PSq1MCe1cZe0BBY1MFb0Tp60ijx
0nha0tmO0mH$1dnl0z7f07Yl1UBC0JHv1UWG0MhU
1H5t0cjL1S6=0o5p1NVu01e60JAT14ZK0=Hb140L
0lev1AA20RKk0=u10YG80TBS0CJr1iJJ1KTO0yk$
1TQm1g0T0B$G1Yxf08Xr0HYV0IvI0LQG13Cx1Fiu
1Pdv1S7a0jD90tAw09Lr0b7g0JCv07=O1Adr0QSh
1mh90msE01ae0Uww1DEz0WzG0mAs1J9E1GE31N0t
1NRr176D0ey60lIE0mLK0rFU10at1dLs0qng0TPm
0afN0k4R0U110oG90K900VFu0kq309Wh1cSG0Vxp
19vS0IXT1KUn0W4Q1aT50yd6083u0Lzx0mnW0B3v
0o1i0hLF10XD0lyC0YAq1O160OH$1b5s1K$J0iUz
0$m80Xr=13lr0WL=16Yv1Iqr1Zx20ezo14v81iVg
0nJy1WNj0r4Q0QdP0RHS1jn718lQ1F851k7I1egt
0FU51ELM17eY1cUq17Sp19FY1kGD1mUV1Wkl1X9U
0unn1YSI0nGi0R6R1QzU1KEG0$IM0ilT1Rvp1K1A
0e810rfi06JR1eow1GA=0YmO0ZTV054s0q0r1XUF
02Nj0Gyy10dv0zRi0E4Z1N6Z01pQ1iAM1AB80abY
0J4j1cyy18$m15DF1hGT1lXZ0ieH1Qa40QO80ATV
16hc0hGx0v$P1Xc20AN$0weX1exA0Zml15nb0etT
0fri07x1104a0tbE0JHu0Qty1HsC0iAR1Zcf0bH7
0Btj104Y171v1l3w0KCZ0m3z0O7J1Q3o1VWk0wBX
08Yc18Wk1Zpl0$zb0QLx0$yN0S7k0Lxr17tp0D$X
0MbZ1U5u0yzA1Wpw18JI00b11AIM0w3Q0TXl0QJW
1Yuj0Coq1I6y1jxw0CAn0nZm0$nx1idp0bPc1KWU
1VW502V10GeG0VFW0mvd01$M1QBt0l6J12aw1Ztq
1jEB0YDb0D3w02fW1cuJ1Dxv1Prf01zB0Lf31gfs
1OM31il50hAC1gty0HoE05D60IHs0i9R1AnD0SpP
16fH1Uv70cxH0oDK0xbj0eQN0X561aZ51HrH17tY
0bDh1PdN
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
