Devices connected to the net could be leaking data about you

Some parents may have been eyeing their baby monitors warily in the past few weeks after it emerged that, like many internet-connected devices, they are open to being hacked.

As the “internet of things” takes hold and more devices get online, it stands to reason that they also become more vulnerable to being exploited by malicious users.

The baby monitor issue is just the latest incident to hit the headlines. One US-based couple discovered their 10-month-old child was being yelled at by a stranger over an IP camera being used as a baby monitor. The person then turned his attention on the child’s father when he entered the room. Last year, a man in Texas claimed his two-year-old daughter was shouted at over a baby monitor by a man who had hacked into the device. The cameras in both those instances had a recognised security flaw for which the manufacturer had issued an update, but the parents were unaware of the update’s existence.

The idea that your baby comms equipment can be hijacked so easily is not new. Older monitors – both video and audio – were notorious for being intercepted by people outside the home with a device on the same wavelength.

"That was a localised problem as such; you had to be in range of the monitor," says security consultant Brian Honan.

However, the growth of wifi-enabled baby monitors that parents can access from outside the home has meant that hackers can now access monitors that are thousands of miles away, and do so relatively anonymously. And some parents may be using IP cameras as a cheaper solution.

Minimum security
IP cameras, rather than dedicated baby monitors, can be used for anything from keeping watch over your child to home security systems, and they are relatively cheap. However, unless you are vigilant, you could unknowingly be giving hackers access to your home. "If the device is set up by default, very often this means security is at a minimum level, it means anyone on the internet could potentially connect to those devices," says Honan.

Imagine a situation where someone can take control of the lights in your home, because your bulbs are connected over wifi to your smartphone. Maybe your console is spying on you as you relax in your livingroom. Or how about a smart TV or fridge that gets drafted into a network of zombie computers sending out junk mail? That last one was uncovered by security firm Proofpoint earlier this year, when it found up to 750,000 spam emails had been sent from 100,000 gadgets ranging from routers to connected multimedia centres and TVs, and at least one fridge.

In the future, everything from thermostats and smoke alarms to ovens and cleaning appliances could be connected to the internet as a matter of course.

If you think about the number of devices in your home that are connected to the internet, and could potentially be leaking information about you, how confident are you that you have taken adequate steps to protect yourself?

At one time, you had to add a separate webcam to your home setup. Now webcams come built into laptops as video-chat services such as FaceTime and Skype become more popular. But have you stopped to think that it could be used against you?

In 2010, a Pennsylvania school district found itself the subject of a class action in the US after it emerged that the webcams on laptops it issued to students were being activated remotely, even when students were in their own homes, and had recorded activities that were subsequently used against them.

More recently, British surveillance agency GCHQ and the US National Security Agency were revealed to have intercepted images from Yahoo webcam chats and saved them, despite users not being suspected of any crimes.

It is possible that hackers could employ similar tactics. Although it is considered relatively rare, Trojans have been used to take control of webcams remotely. There have been cases where photographs taken surreptitiously with infected webcams have been used in blackmail attempts. Last year, British charity Childnet International warned users that external webcams posed a risk and should be disconnected where possible from computers in children’s bedrooms.

“There have been a number of computer viruses that have been used to target these devices to try to compromise them, but if you take certain steps, you will prevent the majority of attacks,” says Honan. “A lot of these attacks are opportunistic.”

These viruses, known as remote-access Trojans (Rats), can be downloaded by users unwittingly or installed by malicious users on machines that do not have adequate security. Anti-virus software and firewalls should be installed on all machines connected to the internet.

What about your smartphone camera? Or your console's motion tracker? Earlier this year, Microsoft had to move to allay consumers' fears after claims that the NSA had considered using its Kinect motion controller to spy on users.

It is not surprising that this makes people uneasy. If you have a Kinect user profile on your console, it will automatically recognise you when you enter the room, displaying your gamertag on screen with a cheery greeting. This makes it easier to sign into your online gaming account or use some of the console’s other features.

The Kinect also has a microphone, which picks up sound from the room. This enables it to work with voice commands, but it also means it could be picking up your voice when you are unaware it is working.

It is easy to resolve the Kinect issue: simply disconnect it when it is not in use. Covering the camera will only block its view, but disconnecting it altogether means it will not pick up chat in the room.

Smartphone information
What about what is in your pocket? Your smartphone contains far more information about you than you may realise. From personal information and photographs to locations, the amount of information that can be gleaned from such devices is frightening when you think about it.

Honan says people often overlook the threat from information about their location that is provided to corporations such as Facebook, Google and Twitter. "All that information can be used by advertisers to target you with personalised ads, or it could be used by people with malicious intent to track you or monitor your location all the time – where you're going, who you're going to see."

If your smartphone doubles as a GPS, its history could reveal where you live. Honan says one way around this is to set your home address as a local landmark that does not give away your exact location, and to beware of the access you give to social networks that could be available publicly.

Be sure to disable location data on your smartphone’s camera before taking photos you plan to share publicly online. GPS co-ordinates can be extracted from the digital file with the right knowledge.

Malware is a major issue for smartphones, in particular Android. With a large user base – Android has close to 80 per cent of the smartphone market – and the ability to install applications that do not come from the official Google Play store, Android can be an attractive target for malicious users compared to the Apple and Windows Phone platforms. That is not to say that malware does not exist for those platforms but, according to some security firms, more than 95 per cent of mobile malware is targeted at Android.

A few simple steps will offer some measure of protection. These include installing anti-virus software, only downloading apps from reputable sources, and reading the permissions apps seek before installing them on your device.

Many of the risks associated with connected devices can be mitigated by common sense and simple security measures. With the majority of attacks on connected devices carried out by opportunists rather than being targeted at specific users, shoring up any potential security holes could help keep you safe.

Defence of the domestic realm: A few tips to protect yourself
Register products
While many of us do not bother registering a product unless the company forces you to do so, there are some benefits. It keeps you up to date with potential software upgrades that patch vulnerabilities the manufacturer has identified and of which you may otherwise not be aware.
Read the instructions
It may sound simple, but how many people read the instructions properly before setting up new devices? It could give you valuable tips, such as how to change default passwords on devices, for a start.
Beef up your security
While it is not something the average householder thinks about, perhaps it is time to start increasing internet security. Usually, your modem will have a built-in firewall; if it does not, it may be time to invest in a new modem. And do not leave the default security settings on your wifi network. Experts suggest you change passwords and default IDs on home broadband to something that won't be guessed easily, ie not your birth date.
Restrict
If you do need to allow internet access to IP-enabled devices, consider restricting access to IP addresses you know and trust, security consultant Brian Honan recommends.
Unplug
When something is not in use, disconnect it from the network or shut it down. In the case of webcams, ensure they are covered. "I put a bit of black tape over my webcam," says Honan.