A study by Which? magazine and reported widely online has found security flaws in some video doorbells, such as weak password policies or a lack of data encryption. These, according to the study, are putting consumers at risk of being targeted by hackers from within their homes.
Barry McMahon, Senior Manager, Identity and Access Management at LastPass by LogMeIn said of the news: “With the proliferation of connected devices, smart technology is now prevalent in our everyday lives, and only requiring users to input a login ID and password risks hackers gaining access to users’ personal data.
“Poor password hygiene, whether it’s failing to change default passwords or using weak or repeated credentials greatly increases the chances of users being hacked. Every account with a password is a potential access point, and the only way to change people’s habits is to educate and provide easy-to-use tools and apps. Multifactor authentication, for example, provides users with that extra layer of security, requiring them to verify their identity with factors such as biometrics and protecting them from the risk of weak or compromised credentials.
“Bringing connected devices into the home shouldn’t make people feel unsafe. Smart Technology businesses would be wise to ensure that multifactor authentication is required for all devices to further protect customer privacy and personally identifiable information. This will help to make connected devices more secure and ultimately, keep users safe from hackers.”
Tomáš Vystavěl, Chief Product Officer at 2N, also commented: “Installing a smart doorbell offers users convenience, flexibility and home security. But as Which? has identified, consumers must look for excellent security standards, not just a good user experience. No one wants to unwittingly give hackers opportunities to access their personal information. Consumers are strongly advised to do their research before choosing a video intercom device.”
Tomáš advises that installers and customers should follow these simple rules:
- Choose a reliable, bespoke security solution tailored specifically for ICS environments that keeps your network secure at all times.
- Create an independent network – dedicated exclusively to devices that handle sensitive information; using the virtual LAN (VLAN) and ensure that manufacturers of installed devices or software use implementation protocols such as HTTPS, TLS, SIPS or SRTP by default.
- Protect the IoT ecosystem: create a separate network for IoT devices, choose a strong password for the router, never install new electronic devices without checking the manufacturer and security standards.
- Create different accounts with different privileges: a user will only be able to make changes related to their specific tasks, while the administrator will be given greater privileges to manage the building and all linked accounts.
- Update the software regularly: installing the latest firmware version on devices is important to mitigate cybersecurity risks. Each new release fixes bugs found on the software by implementing the latest security patches.
- Use strong complex passwords of at least six characters and consisting of a combination of numbers, letters and symbols.
- Conduct regular security audits of the IT infrastructure to identify and eliminate possible vulnerabilities.