{"id":74704,"date":"2014-11-30T12:00:04","date_gmt":"2014-11-30T10:00:04","guid":{"rendered":"http:\/\/businesstech.co.za\/news\/?p=74704"},"modified":"2014-11-28T16:22:30","modified_gmt":"2014-11-28T14:22:30","slug":"if-its-connected-its-vulnerable-to-hacking","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/internet\/74704\/if-its-connected-its-vulnerable-to-hacking\/","title":{"rendered":"If it&#8217;s connected, it&#8217;s vulnerable to hacking"},"content":{"rendered":"<p>The UK Information Commissioner Christopher Graham has <a href=\"http:\/\/www.bbc.co.uk\/news\/technology-30121159\">drawn attention<\/a> to a webcam-monitoring Russian website, which offers thousands of private video streams, raising fears of <a href=\"http:\/\/www.theregister.co.uk\/2014\/11\/20\/insecure_webcam_peeping_tom_threat\/\">unwitting and continuous surveillance<\/a>. Graham conceded that he has <a href=\"http:\/\/www.theguardian.com\/technology\/2014\/nov\/20\/webcam-hackers-watching-you-watchdog-warns\">little legal power<\/a> to close such sites.<\/p>\n<p>This revelation from one of the highest authorities on such matters should not come as a surprise to anyone who owns devices connected to the internet \u2013 and yet it has been treated in <a href=\"http:\/\/www.techtimes.com\/articles\/20635\/20141120\/russian-website-streaming-footage-from-hacked-webcams-to-make-a-point.htm\">just this way<\/a>. The <a href=\"http:\/\/gcn.com\/articles\/2014\/07\/23\/risks-iot.aspx\">rule<\/a> of such devices is simple: \u201cIf it\u2019s connected, it\u2019s vulnerable.\u201d<\/p>\n<h2 class=\"my-4\">Security is your responsibility, too<\/h2>\n<p>These reports raise a number of questions and concerns that all come down to a single key realisation. We are surrounded by poorly designed systems that are made worse \u2013 not better \u2013 when they are brought together in different combinations. Even worse, when systems include reliance upon the actions of people \u2013 as all do in some way \u2013 then the scope for disaster rises exponentially.<\/p>\n<p>The response so far has been for <a href=\"http:\/\/www.techtimes.com\/articles\/20635\/20141120\/russian-website-streaming-footage-from-hacked-webcams-to-make-a-point.htm\">calls to shut down the website<\/a>, but little attention has been given to the fact that this situation can easily happen again at another domain and with other devices.<\/p>\n<p>The recent <a href=\"http:\/\/theconversation.com\/celebrities-nudity-and-other-ways-4chan-drives-the-internet-hype-machine-31150\">hacking of Apple\u2019s iCloud<\/a> to gather compromising photographs of celebrities proved indirectly that smartphones are similarly at risk. The Russian website is just the publicly visible end result in a longer chain of activities. Hacking access to an IP camera can be done by anyone with access to the internet and with sufficient knowledge and patience.<\/p>\n<p>The Russian site currently under scrutiny quite simply relies on using the default admin passwords for a variety of commercially available internet protocol (IP) cameras, which are sold as stand-alone units connected to the internet wirelessly.<\/p>\n<p>When a camera is sold out of the box it invariably has a default admin account which is combined with a default password. The instructions on that box will also direct the new owner to immediately change the admin password. But users often don\u2019t make the change and the Russian website proves that point.<\/p>\n<h2 class=\"my-4\">Device-makers need to fix their ways<\/h2>\n<p>The immediate solution is clear. With the attention that the site has now received, owners of every single IP camera worldwide, whether they are currently displayed on the site or not, should change the admin password that enables access to the video stream. But even with this remedy, assuming the action was to be done completely by all of those camera owners, the result is only a superficial sticking plaster.<\/p>\n<p>Despite the now apparent demise of the site at the centre of the scrutiny a new version will only take another suitably determined programmer to take up The concept. The manufacturers of thousands of <a href=\"http:\/\/devices.wolfram.com\/\">internet-connected devices<\/a> need to design them to minimise the reliance upon people to setup minimum security protocols.<\/p>\n<p>Examples of good information security can be taken from social media and online shopping websites where the potential risks are well-known and better acknowledged. For example, manufacturers could \u2013 and some now do \u2013 force the default admin passwords to be changed the first time a device is used (and to something different from the original default password). A device could also automatically monitor and alert an owner when a \u201cforeign\u201d computer is accessing it.<\/p>\n<p>While the <a href=\"http:\/\/www.theinternetofthings.eu\/\">Internet of Things<\/a> is still an exciting vision, it is important to ensure that it is also secure. This security should be available in a way that does not unnecessarily burden its users with responsibilities in the name of reducing costs. So much can be more effectively managed by software and automated processes to help protect us from privacy breaches.<\/p>\n<p class=\"fn\"><em>By <strong>Gordon Fletcher<\/strong>, <span class=\"role\">Centre for Digital Business at University of Salford<\/span><\/em><\/p>\n<ul>\n<li>This article was originally published on <a href=\"http:\/\/theconversation.com\">The Conversation<\/a>.<\/li>\n<li>Read the original article.<\/li>\n<\/ul>\n<h3 class=\"my-4\">More from The Conversation<\/h3>\n<p><strong><a title=\"Permalink to What commercial aircraft will look like in 2050\" href=\"http:\/\/businesstech.co.za\/news\/general\/72772\/what-commercial-aircraft-will-look-like-in-2050\/\" rel=\"bookmark\">What commercial aircraft will look like in 2050<\/a><\/strong><\/p>\n<p><strong><a title=\"Permalink to What it took to land a rocket on a comet\" href=\"http:\/\/businesstech.co.za\/news\/general\/73298\/what-it-took-to-land-a-rocket-on-a-comet\/\" rel=\"bookmark\">What it took to land a rocket on a comet<\/a><\/strong><\/p>\n<p><strong><a title=\"Permalink to Who owns the moon?\" href=\"http:\/\/businesstech.co.za\/news\/general\/71163\/who-owns-the-moon\/\" rel=\"bookmark\">Who owns the moon?<\/a><\/strong><\/p>\n<p><strong><a title=\"Permalink to Tackling the Twitter abuse \u201ccrisis\u201d\" href=\"http:\/\/businesstech.co.za\/news\/internet\/73512\/tackling-the-twitter-abuse-crisis\/\" rel=\"bookmark\">Tackling the Twitter abuse \u201ccrisis\u201d<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The rule of devices connected to the Internet is simple: \u201cIf it\u2019s connected, it\u2019s vulnerable.\u201d<\/p>\n","protected":false},"author":29,"featured_media":59859,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sma_x_autopost_status":"idle","_sma_x_autopost_error":"","_sma_x_post_id":"","_sma_x_attempts":0,"footnotes":""},"categories":[9882],"tags":[583,26,9104],"class_list":["post-74704","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet","tag-hacking","tag-headline","tag-the-conversation"],"_links":{"self":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/74704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/comments?post=74704"}],"version-history":[{"count":1,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/74704\/revisions"}],"predecessor-version":[{"id":74726,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/74704\/revisions\/74726"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media\/59859"}],"wp:attachment":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media?parent=74704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/categories?post=74704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/tags?post=74704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}