If the past year has taught consumers anything, it’s that identity thieves, fraudsters and scammers are on the prowl, going after any information they can use to make a buck. But the intrusions don’t stop there.
If the thought of being the unwitting star of your own prime time reality show gives you the willies, consider the recent revelation that more than 73,000 unsecured webcams and surveillance cameras are, as I write this column, viewable on a Russian-based website. The site lists the cameras by country. (Unfortunately, the U.S. is well represented.) In every case, victims ignored safety protocols and installed the cameras with their default login and password—admin/admin or another easy-to-guess combination findable on any number of public-facing websites.
According to NetworkWorld, “There are 40,746 pages of unsecured cameras just in the first 10 country listings: 11,046 in the U.S.; 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India. Like the site said, you can see into ‘bedrooms of all countries of the world’. There are 256 countries listed plus one directory not sorted into country categories.”
Why It Matters
You may remember the sextortionist who hacked into Miss Teen USA’s computer camera and took compromising photographs. He tried to get money in exchange for not distributing the pictures, and got 18 months behind bars instead. That’s a bit too lenient in my book.
Unfortunately, there are thousands more slimeballs where this guy came from who are poking around, looking for ways to exploit the private moments of your life for their personal amusement or gain.
The Internet of Things has arrived making homes smart, fitness totally interactive and tasks infinitely easier, but the devices we buy to streamline day-to-day life create vulnerabilities that, when exploited, could bring your day to a screeching halt, and the risks are much higher if you don’t apply common sense during the setup of these password-protected devices. The rule here couldn’t be simpler: Anything that hooks into a network must be locked down.
Don’t think it will happen to you? Consider this: There are websites that list the default passwords of all kinds of devices. If you have something wireless that’s hooking up to your household router, it likely came with a pre-set password and login. And there’s a good chance, whatever the device, there’s a forum online where it’s been figured out, hacked, cracked and hijacked for all stripe of nefarious purpose.
Convenient … for Everyone
The added convenience provided by the Internet of Things is obvious, but the security issues may not be. Are your fitness records hackable by a third party? Are they linked to social media? How much information did that require? A login? A password? And what’s to stop a hacker from opening your front door or turning off your heat during a blizzard or your lights during a home invasion: all with an app?
Other common devices that are password protected should immediately come to mind here. Whether it is your household printer, your wireless router or your DVR, there are folks out there who are curious about you, not because they value you as a human being, but because they can create value from any plugged-in human—whether by fraud or extortion or (in a more old-fashioned mode) getting the information they need to rob you blind when you’re not home.
The number of people who don’t change default passwords is staggering, as evidenced by the 73,000 wide-open webcams on that Russian website. There’s a major disconnect here, and it’s specific to the Internet of Things. On the Internet proper, it seems the message has finally seeped in and people are beginning to make themselves harder targets—making sure their privacy settings are tight and their passwords are both strong and changed frequently. But when it comes the Internet of Things, there is still more learning to be done—hopefully not Miss Teen USA-style.
The solution, for this particular problem, is remarkably simple: Set a long and strong password on all devices. Whatever it is, it’s your job to pick something easy for you to remember and hard for others to guess.
The Bigger Problem
The Pew Research Center released a statistic this month that showed 90% of Americans believe they have no control over their personal information—that the facts and figures and ciphers unique to them are simply in too many places, and essentially that the data cat’s out of the bag.
Breaches have crossed the Rubicam. Whether they are of the unavoidable variety or the product of carelessness, they will continue to happen apace. Now the third certainty in life, breaches have become the potholes on a bumpy road. What no one wants to deal with is the fact that the road ends abruptly—jagged concrete and rebar sticking out—and there’s nothing but air after that, and a whole lot of it, between you and the endless crimes that can be committed against you.