POLICE ADVISORY – SECURING OF SMART HOME DEVICES INCLUDING IP CAMERAS

The Police would like to highlight to the public the importance of securing your smart home devices, e.g. Internet-Protocol (IP) cameras, smart TVs, digital locks.

IP cameras are commonly used to keep a lookout on our property, family and even our pets. These cameras are remotely accessible, providing users the convenience to have live video and audio feeds via a mobile application or an Internet browser. However, the cameras can also be accessible by third parties if the default passwords are not changed or may even be compromised by cybercriminals if they are not adequately secured. This can result in a loss of privacy such as having IP camera video footages being leaked online, etc.

Besides IP cameras, we are also using more smart devices in our homes such as digital locks, smart home hubs, smart TVs and other household electronic items as we adopt a digital lifestyle. These smart home devices may also have inherent vulnerabilities, which would result in intrusion of our privacy, data breach of our personal or financial information, or even monetary losses when the cybercriminals make use of the ill-gotten personal information to perform unauthorised transactions.

Members of the public are advised to adopt these crime prevention measures when using smart home devices:

  1. The Wi-Fi router is the doorway to your smart devices. Check your Wi-Fi router for an option to create a guest network under the same router for your smart home devices. Should this guest network be compromised, the hacker would not have access to the more important devices you place on the main network, such as your laptops or smartphones which contain private information.
  2. Use a secure Wi-Fi connection when accessing the smart devices via their mobile applications. The devices’ mobile applications may not provide the same level of security as the websites. Your devices could still be compromised when you use the mobile applications on an unsecured Wi-Fi network.
  3. Change your Wi-Fi router and smart device’s default name, which is usually its make and model. With details on the make and model, a hacker may be able to look up the default login username and password, and easily gain access to your smart device or network.
  4. Many smart devices come with weak preset passwords that can be easily found on the internet. Change the device’s preset password to a strong one when you first connect your smart device to your home network.  Maintaining strong password security is critical, so never reuse the same password on various devices. You may use a password management tool to help manage all your passwords or check with your device manufacturer if in doubt.
  5. Enable 2-Factor Authentication (2FA) if the feature is available for your device.
  6. Patch and update the firmware regularly. As the patches and updates may not take place automatically and you may not be prompted about them, do perform regular manual checks.
  7. Disable features in the smart devices that you do not use to block potential entry points into the devices or your network. For instance, smart TVs and speakers may come with voice control, a feature which you may not use.  An active microphone, if compromised, can be used to pry into your conversations.
  8. The Cyber Security Agency of Singapore (CSA) has launched the Cybersecurity Labelling Scheme (CLS) for consumer smart devices to help consumers identify products with better cybersecurity provisions and make informed choices. CSA has now extended the scheme to cover all categories of consumer Internet of Things devices, such as IP cameras, smart door locks, smart lights and smart printers. With more secure products coming onto the market in time to come, consumers will be able to look out for these products when they are making a purchase decision.
  9. For more information, please visit CSA CLS’s official website at go.gov.sg/csa-cls.

Specifically for IP cameras, the public should adopt the following additional measures:

  1. Ensure that the camera is set up to require a password to access it. Check the camera’s user guide for directions.
  2. If the camera has a feature which encrypts data transmitted via the Internet, turn this feature on. The URL of the log-in page for the camera should begin with ‘https’. Doing so ensures that the username and password entered would be encrypted, making it difficult for cybercriminals to access them.  After logging in to the camera’s webpage, the URL should still begin with ‘https’, indicating that the feed is encrypted.

If you wish to provide information related to such crimes, please call the Police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. If you require urgent Police assistance, please dial ‘999’.

 

 

Source: Singapore Police Force