If you bought a new ‘smart’ TV, webcam or baby monitor during Black Friday weekend, be sure to change the device’s default password or you “will roll out the welcome mat for potential voyeurs, robbers, blackmailers and other criminals,” according to Sen. Chuck Schumer.
The posting last week on a Russian website of live video streams from inside thousands of homes is a stark warning to consumers about the security risks posed by these devices, which come equipped with cameras and Internet access, Schumer said yesterday.
The Russian website www.insecam.cc streamed live footage from thousands of cameras that were hacked into around the world, Schumer said. Russian hackers broke into over 70,000 cameras worldwide, including over 4,000 cameras in the United States, by using camera manufacturers’ default passwords.
Most of these devices come set with a default password. When unsuspecting consumers fail to change the default password, they are vulnerable to hackers, the senator said.
“Hackers were able to access cameras when default passwords set by manufacturers remained unchanged once set up in a home or business,” Schumer said.
The senator is urging device manufacturers to adopt improved safety and security standards to help prevent hackers from breaking into individuals’ camera-enabled devices. Manufacturers should require consumers to automatically set a unique password when installing one of these products, Schumer said.
Schumer first called attention to the security and privacy risks posed by ‘smart’ TVs in August 2013.
‘Smart’ TVs pose another privacy risk: they collect sensitive data that could be exposed if the devices are hacked, Schumer said.
“According to experts at the Liberty and National Security Program at the Brennan Center for Justice at NYU School of Law, ‘smart’ televisions log the amount of time you watch TV, the content of what is being watched, and more. These devices also record which apps the owner uses, detects content in particular email messages and which websites are visited, and ignores ‘do-not-track’ requests,” Schumer said. “Smart televisions utilize facial and voice recognition through built-in cameras and microphones, and anything detected through those devices can be captured and transmitted to a third party as privacy and security policy currently stands.”
The insecam website has announced that it’s removed streams from all hacked cameras and is now only streaming feeds from public cameras.
