In the last couple years, I’ve often spoken about the issue with manufacturers giving almost anything Internet access – and why I think in some cases it’s a bad idea.
Today comes another story that demonstrates why such features need to be carefully considered.
Global News has reported that an Internet-enabled camera used to monitor a nursery activated while a parent rocked their child to sleep.
Police said that the camera’s built-in speaker played music and a voice could be heard, telling the parent and child that they were being watched.
An investigation into how this happened discovered that the home’s router had been hacked.
Unfortunately, there isn’t any information on how the router was hacked.
As I’m not a parent, I’m not exactly in a position to comment on the modern-world’s need for an Internet enabled nanny-cam. I will, however, comment on Internet-enabled devices in the home.
Fridges, microwaves and even toilets are now regularly built with Internet-enabled functionality. With the Internet of Things ramping up, there are generally valid reasons for this. My issue is that a large proportion of these devices are shipped with default usernames and passwords to make it easy for the customer to set up, which is fine.
But who actually goes through and changes default settings? I don’t have the numbers, but I’d assume very few. By not changing the default login credentials for their devices, people are leaving them vulnerable to compromise.
Who’s to blame?
It’s certainly a debatable subject. I wouldn’t expect my over-70s grandparents to know how to change the default password on their Internet-enabled toilet (no, they don’t have one), but I also wouldn’t expect the manufacturer to hold their hand while they change it.
I’m keen to know who you think should take responsibility – leave your comments below.
My suggestion, which may or may not be supported by others, is that default credentials should not exist. Make the customer create their own credentials, and it’s up to them how secure they make them.