The need to be wary of smart device security was illustrated recently with the hacking of a smart child day care camera called NurseryCam.

The hacker gained access to real names, usernames, passwords and email addresses for 12,000 NurseryCam users' accounts and then dumped them online. To highlight the attack the hacker then contacted The Register, a high profile trade IT publication, and told them about the breach.

NurseryCam is owned by FootfallCam and Meta Technologies. FootfallCam has a bit of form with security vulnerabilities which is possibly one reason why the hack was made public.

A FootfallCam corporate customer reportedly said that over the four years the devices were used a number of security flaws were highlighted to the company.

A NurseryCam user also said vulnerabilities were reported to the company in 2020. Other parents said they had reported insecurities in 2015 and 2019 which were then patched by the company.

Bigger issues

The problem with many smart devices is that they have poor cyber security. Device manufacturers are keen to get their products to market as quickly as possible but they are not cyber security experts and protecting a device is often not uppermost in the manufacturing process.  
 
  • A hacked smart device allows an attacker to gain control of its functions.
  • Smart devices often record and stream sensitive data and if the device isn’t properly secured this data can be hacked.
  • Cybercriminals can hack thousands of poorly secured smart devices near simultaneously and bring them together into a botnet network. Botnets can be used for a number of things, such as launching mass scale phishing attacks and DDoS (Distributed Denial of Service) attacks to bring down online services.
When buying a smart device there are a few things to establish to ensure it is secure:
  • Can you change the default user/admin name and password? This is important because smart devices with default user/admin names are easily hacked.
  • Is the device’s operating system/software easily updated?Does the manufacturer apply updates automatically or do you have to do it yourself? If so, do you receive update alerts and how easy is it to apply updates without technical knowledge?
  • How secure is data storage and transfer? Data needs to be secured with encryption so it is protected when it leaves the device, arrives at the manufacturer’s server and when in transit across the internet.