How criminals use household gadgets to spy on you
Midday on an industrial estate in North Yorkshire and a van pulls up outside a furniture-making company to be loaded up ready for a delivery.
Meanwhile, 250 miles away in London, workers check the till and stock the shelves at a high-end shop selling cigars and whisky. At much the same time, children emerge from a school in the Midlands, ambling through the playground as they move between lessons.
They may all be mundane, everyday activities, but that makes it all the more chilling. Because these three scenes were recorded on private security cameras at those locations in England, only to end up being streamed, live, via a website in Russia that anyone, anywhere in the world, can access at the click of a button. Around the clock, day and night.
While many cameras are installed to improve security, what they show is how easily modern technology can do the very oppositeÂ
The footage is among that taken from more than 500 sites in the UK â" from cameras in businesses, churches and even inside homes.
One stream features four views from a British house labelled as âcarâ, âdoorâ, âpathâ and âpatioâ. Another shows a garden, littered with toys. Recently â" via the Russian website â" a man could be observed walking along the path by his house, but it could have easily been his kids caught on camera.
Not that he will have known his familyâs comings and goings were being broadcast around the world. Because while the cameras were installed to improve security, what they show is how easily modern technology can do the very opposite.
The cameras i n question were either not password protected or they used pre-set passwords that are known to hackers. As a result the footage, which is broadcast via the internet, and is meant to be viewed only by the camerasâ owners, can be accessed by anyone with a modicum of technological savvy.
A survey of 15 devices by Which? found that eight were vulnerable to hacking. Pictured: a Smarter iKettle
And so it has ended up on one of a number of voyeuristic websites dedicated to collating such footage.
Those whose privacy is being violated had no idea â" something that became all to apparent when the Mail informed them. But what is even more worrying is that this is just the tip of the iceberg.
Because like never before, consumers are adopting a new range of technologies that have connectivity to the internet built in to them â" the so-called âinternet of thingsâ.
And these gadgets are now commonplace in our homes. By 2025 it is estimated that globally there will be 75 billion internet-connected items.
Many of these devices are âalways onâ â" monitoring, filming or rec ording in our homes around the clock. But like webcams and CCTV cameras, their vulnerabilities are now becoming apparent.
As well as exposing our personal data, cyber-criminals are able to take control of these gadgets and use them to launch co-ordinated âattacksâ on organisations and infrastructure, flooding them with data.
âThe internet of things is one of the scariest parts of the security landscape at the moment â" it is the soft underbelly,â says Professor Alan Woodward, a cyber-security expert at Surrey University.
âNo one will attack the strongest part of the wall, but the weakest. As a cyber-criminal, why take on something protected, such as a laptop, when you can far more easily attack a fridge or toaster?â
Not so cuddly: This CloudPets Talking Unicorn (left) is vulnerable to hacking as is the Amazon Echo (right)
Take a turn around a 21st-century house and it is hard to find a room not touched by technology. Upstairs, for parents wanting to keep an eye on their young children, there is the new generation of baby monitors. These are connected to the web, allowing for remote listening or viewing via smartphone.
There may also be a high-tech soft toy or two â" believe it or not, parents and children can use them to send messages to one another.
The landing, meanwhile, is ideal for a smart lightbulb. Connected to the homeâs wi-fi, these can be dimmed or their colour changed with the swipe of a smartphone.
Downstairs in the hallway, modern thermostats such as the âHiveâ are increasingly popular. These allow homeow ners to monitor and change the temperature remotely, rather than having to change the settings manually on a box fixed to the wall.
In the sitting room, smart TVs are commonplace. These are also connected to the internet, so they can stream programmes. Many have a voice-control option, doing away with the need for the remote.
Then there is the new generation of virtual personal assistants, with Amazonâs Echo leading the way.
Echo is a wi-fi-connected, hands-free, smart-speaker fitted with seven sensitive microphones. Sit it on your kitchen table and tell it what you want. In response, it will read out a recipe, check a train time, help with homework or even crack a joke.
It can also connect wirelessly to smart-home appliances to control lights, ovens and security systems without homeowners having to access an app. At its heart is âAlexaâ, its voic e and artificial brain.
As for the kitchen, connected gadgets can include everything from the kettle to the toaster and the fridge. Polish off your last pint of milk or can of beans and a smart-fridge can automatically arrange a grocery delivery to re-stock.
The theory is that these innovations make life easier, more efficient and (when it comes to thermostats and lighting) even save you money.
Two years ago a nanny in Texas reported how as she changed the nappy of her one-year-old charge she was startled by a manâs disembodied voice talking to her and commenting on her actions. It turned out that the baby monitor had come with a pre-set password that had not been changed
But at what cost to privacy? Last month, a survey of 15 devices by Which? found that eight were vulnerable to hacking. Having set up a home with gadgets, the consumer group invited a team of security researchers, SureCloud, to hack it.
One of their most disturbing discoveries involved a range of toys by CloudPets. These include cuddly cats, unicorns and bears costing as little as £5.99. Not only could the hackers use the toy to listen to what was going on in the room, they could also use it to send messages.
âBuilding on a recently published flaw, SureCloud hacked the toy and made it play its own voice messages,â Which? reported.
âWhile our test was harmless, in the hands of someone with malicious intentions, the same hack could enable a stranger to speak to your children directly from outside your house. To give them instructions, perhaps. Or to ask them to come to the front gate to âmeet Daddyâ.â
Previously, baby monitors have been accessed in a similar way. Two years ago a nanny in Texas reported how as she changed the nappy of her one-year-old charge she was startled by a manâs disembodied voice talking to her and commenting on her actions. âHe kept telling me it was a cute baby,â the woman said. âI thought, my goodness, are they watching me right now?â
It turned out that the baby monitor had come with a pre-set password that had not been changed.
That particular issue is a worrying one w hich homeowners would do well to heed. For example, the Which? investigation exposed a weakness in a Virgin Media router box where the default password had not been changed.
As a result, last month Virgin warned more than 800,000 customers to change their password immediately after the security exercise found that hackers could access and steal their personal details. The fact is that once a cyber-criminal cracks the password to a router, they will have access to the houseâs wi-fi network and can control devices that donât require a password.
Perhaps the most disturbing Which? finding was the ability of hackers to take control of the internet-connected CloudPets toy.
The team found that having taken it over, they could use it to send commands to the Amazon Echo home hub. This included using its âvoice purchasingâ system to order cat food online.
While Amazon points out that users can switch off the shopping function on the Echo so you canât make purchases by voice command alone, experts fear such gadgets are obvious target for hackers.
Dr Jason Nurse, from Oxford University, says crooks could make the devices record all the time â" without the owners knowing.
âThey could hear you discussing your holiday plans, so they know when you are away and could burgle you,â the cyber-security expert recently told the Cheltenham Science Festival.
âThey may hear you buying something on the phone, giving away your credit card details. You should think twice about what you say in front of these devices.â
The ease with which routers and other devices such as smart TVs can be hacked has also been charted in a series of documents leaked by the website Wikileaks.
These suggest they could be â" indeed already have been â" exploited by domestic and foreign security services. In March, the Wikileaks documents indicated Samsung TVs had allegedly been hacked by MI5 and the CIA so their built-in microphones could be used to monitor suspects. It is alleged MI5 created a âfake off-modeâ which let owners think the device was off, when it was actually bugging them through a microphone used in voice-activated control.
Then, last month, a further cache of leaked CIA documents appeared to show the agency has been hacking into peopleâs wi-fi routers and using them as covert listening points for up to a decade.
The routers could then be used to spy on the activity of internet-connected devices such as smartphones, tablets and computers.
Returning to the Which? investigation, it also found a flaw in home CCTV camera systems, increasingly popular with famili es who use them to keep an eye on their property when they are out. It said: âThis a real privacy concern and we found thousands of similar cameras available for anyone to watch the live feed over the internet. Worse still, the hacker can even pan and tilt the cameras to monitor activity in the house.â
The ease with which these cameras can be compromised matched the Mailâs own investigations.
We accessed a Russia-based website which aggregates footage around the world. It calls itself the worldâs largest directory of online surveillance security cameras. In the past it has come under fierce criticism for broadcasting webcam footage that included everything from sex in private homes to children sleeping.
It now claims to filter the footage so that ânone of the cameras... invade anybodyâs private lifeâ. Locations attributed to the cameras, it says, are accurate only âto a few hundred milesâ.
The Russian website has come under fierce criticism for broadcasting webcam footage that included everything from sex in private homes to children sleeping
But in reality it took only minutes to identify a number of firms whose cameras had been compromised. One camera, attached to an exterior wall at the business in North Yorkshire, showed the comings and goings of staff and goods into its workshop.
A reporter was sent to the firm to alert them to what was going on. As he approached the business he could be watched, live, on the website in real-time.
The owner of the business, which the Mail has chosen not to name, said he had no idea that the camera was being used in this way. âObviously it is a massive safety and security concern for us,â he said. âIâm shocked by it really. We will have to sort it out and change the password or something .â
Equally surprised was the company in London selling cigars and whisky. This time the camera was located with a clear view of the till. Again, the firm was completely unaware of the footage.
But CCTV cameras are now just the tip of the iceberg when it comes to connected devices.
Last October, a major cyber offensive used the âinternet of thingsâ to target internet giants Twitter, PayPal and Netflix. It is believed the disruption was caused by hackers hijacking hundreds of thousands of internet-connected webcams, baby monitors and cameras, and spreading malicious code to the vulnerable devices. They then used them to swamp websites with so much traffic that they became overwhelmed and froze.
Such attacks can be used to threaten businesses and force them to hand over cash âransomsâ.
âNo one is suggesting that hackers will want to break into your toaster or kettle to steal personal data,â says Professor Woodward.
âBut your internet-connected kettle has quite a lot of processing power in there. So what is happening is they are being co-opted to attack other things. Your kettle could be damaging someone elseâs computer without you knowing it.
âEach gadget might send a small amount of data. But put them all together and it is like insects, it is a swarm, it is overwhelming.â
To protect yourself, Professor Woodward has two bits of advice. First, change the default log-ins and passwords to connected devices. Second, where possible, place sticky tape over cameras and microphones to prevent them recording what you are doing.
Which, for a high-tech problem, is a rather low-tech solution.
0 Response to "How criminals use household gadgets to spy on you"
Posting Komentar