Poor Password Management Has Led to the Hacking of 50,000 Home Cameras in Singapore

Over 50,000 home security cameras have been hacked and a huge amount of footage has been stolen and put up online. The majority of the hacked cameras are located in Singapore.

The hacking incident involved thousands of cameras that are used by their owners to keep an eye on their homes, their pets and their old parents. Footage of the home owners in compromising poses and situations was put up on pornographic websites shortly after the hack.

The videos range in length from short clips to chunks of over 20 minutes and include private scenes and moments. A lot of the home owners' faces can also be clearly seen in a lot of the footage.

The stolen videos originate from IP cameras that are commonly installed in homes for security and home monitoring. The bad actors behind the attack have been identified as a group dealing primarily with IP camera attacks and operating on Discord, with allegedly over a thousand members all over the world. The stolen footage is being also sold online, with the criminals offering "lifetime access" to anyone who pays $150. They also provided a short sample featuring many snippets and images for any potential buyers.

The criminals claim to have full access to the 50,000 cameras and offer their potential scummy buyers instructions on how to watch live and record video, once they pay the subscription fee to the hackers.

As usual, the issue that led to this security and privacy disaster is poor password management. It would appear a lot of the hacked cameras, if not all of them, were using outdated firmware and had default passwords on them, making them instant targets for hackers.

IoT-enabled cameras have been used for all sorts of hacker attacks in the past, including acting as bots for launching DDoS attacks. A lot of the time, people who buy Internet-enabled devices don't think about them as targets for cyberattacks because they are not a computer or a mobile phone. However, it is exactly this sort of thinking that leads to similar accidents.

Every IoT Device Is a Potential Hacker Entry Point

Every single device you use that is in any way connected to the Internet needs to have its firmware or software updated to the very latest version available from the manufacturer. Even more importantly, default passwords need to be changed immediately after installation. There are countless routers, cameras and smart home devices out there that have their username and password combo set to "admin / admin", and those are exactly the devices that hackers abuse.

The sooner people change their attitude and start thinking about all IoT devices in their home as something hackable that is in need of proper security, the sooner incidents such as the stolen private footage can become a thing of the past.

October 13, 2020

Leave a Reply