These days it seems like everything is connected to the Internet. Door bells, cameras, and even coffee pots are part of the “Internet of Things”, a vast array of devices that have WiFi capability. Unfortunately, like most things on the Internet, there is a dark side. The majority of these devices are made in China, and other parts of Asia, to keep them cheap. In many cases no thought is given to security and often the same password is used on all the products from a given company.
We all hate passwords. To be secure they need to be nearly impossible to remember, and it’s almost required to have a different password for each location. When you unpack a product that has the password printed in the instructions, it’s very tempting to plug it in and go, leaving that password in place. Hackers love that. If your network is not fully secured, and most are not, they can search for cameras, baby monitors, and other connected devices. Using the default password they can connect to these devices and change the software inside that makes them work. This gives them full control without you knowing a thing about it.
Sometimes they use this control to capture data. There has been at least one camera manufacture that was found to be uploading every image their cameras captured to a central server, all without asking for permission. Baby monitors are very popular for capturing conversations in the home where they are installed. That camera installed in your computer may be watching you! Some people keep a Post-it stuck over the camera lens when they are not actively using it. Even so-called “smart” TVs are getting into the act. Some track the programs watched and sell the information, and some can actually be hacked to spy on you.
Invasion of privacy is only one problem, though. A far more widespread use of hacked devices is to make them part of a huge network of robots. These “bot” networks are huge, comprised of hundreds of thousands of devices. The hackers that control them can use them to attack websites, crack passwords, or even “mine” cryptocurrency like BitCoin. The owners are unaware that they are unwittingly aiding criminal acts. Has your network been getting slower since you installed those security cameras? Does it take a long time to connect to websites? Your bandwidth may be going to the botnet.
The obvious solution is to simply unplug the devices, reset them to factory state, and start over. If you don’t immediately change the password, though, they will be reinfected quickly. One of the main jobs assigned to bots is to actively search for other devices to infect, so in just a few minutes a device will be compromised again. Changing the password to something different from the default is one way to avoid that. A firewall is also helpful. Most computers have a firewall installed by default, but all of the connected devices are outside the firewall, which makes them vulnerable. Installing a firewall at the router is well beyond the scope of this post. Consult the family or neighborhood I.T. professional for help with that. Before buying a new connected device, do a search of the brand and model to see if it has a history of being hacked. If you don’t need a device to be connected to your network, don’t give it access by entering the WiFi information.
The Internet has given us many benefits, but we should heed Sgt. Phil Esterhaus’ words: