The study reviewed the modelsfor standard security weaknesses, such as hard-coded accounts with defaultpasswords, unencrypted video and audio feeds, commands sent in clear text overthe Internet, and accessing to receive unauthorized control through remotedevices and similar kind of interfaces.
Basic fact is vendor disclosure process is well established and clearly focused onensuring its devices are safe for consumers. Attackers may be able toleverage an exposure or vulnerability to gain and maintain persistent access toan IoT device. A compromised device can be used to pivot to other computers ornetworks by taking advantage of the unsegmented, fully trusted nature of somenetworks. This can put multiple networks to which the device connects, and theresources provided through those networks, at riskAlternativesGood alternative to wireless devices are wired intercom systems whichare connected via cable or the existing electric circuits of the apartment.There is also the option of wired surveillance cameras.
These systems includecameras and small screen, giving you the ability to have visual and auditorycontact with your child’s room. if intercom system is battery powered orhard-wired into the wall. Systems that use wall outlets or batteries requirelittle technical skills to remove, while systems that are hardwired into yourwall will be more complex to remove so alternatives are possible right now.
Proposed SolutionAsper case study Rapid7 is a leading provider of security data and analyticssolutions that enable organizations to implement an active, analytics-drivenapproach to cyber security. We combine our extensive experience in securitydata and analytics and deep insight into attacker behaviors and techniques tomake sense of the wealth of data available to organizations about their ITenvironments and users. Based on research solutions empower organizations toprevent attacks by providing visibility into vulnerabilities and to rapidlydetect compromises, respond to breaches, and correct the underlying causes ofattacks. If no Internet connectivity and uses encryptionto protect the video and audio stream sent between the camera and a dedicatedhandset. There’s a reasonable chance even these devices will contain criticalweaknesses, but they still represent an improvement over Internet-connectedmonitors, since attackers will have to be in physical proximity of the peoplebeing targeted. RecommendationsYour webcam may have a password, as well.
If so, use it. And, as always, pick a proper password. Don’tleave it blank, and don’t leave it set to the default value, which crooksprobably know already. If you aren’t sure how to set the password, try thevendor’s support forums.
Rapid7 advises people who have alreadybought an Internet-connected device to monitor the manufacturer’s website forany security advisories or patches. The problem with that advice is that peoplein need of a baby monitor usually have their hands full with otherresponsibilities. Strong encryption can pose challenges to law enforcementaccess to data. Rapid7 believes it could play a valuable role in working withcompanies to develop security patching guidelines and organize an industry bodyto foster cyber security standards development and collaboration across vendorsand their supply chains.