Why are we so ignorant about security?
Two interesting things happened this weekend. The first was a conversation with a person who specialises (somewhat ironically) in security cameras. The second was a TV news report on hacking.
Not a day seems to go by without another story about a security breach. A few weeks back, the "Syrian Electronic Army" managed to take control of the domains for Twitter and the New York Times by tricking a support technician into following an email link. This week, 3 million accounts were compromised when Adobe was successfully attacked.
On the weekend, I met a person who specialised in security camera installations. We got to talking about how the cameras are secured from unauthorised access, and apparently, it's "... by passwords, and we also install them on unusual 'ports'. It would be very unlikely for someone to guess the port number".
A TV news report this weekend kindly told the public about the search engine Shodan. Like Google, Shodan scours the internet. But unlike Google, which keeps records of webpage content, Shodan keeps records of all network devices attached to the internet. And yes, it does search on lots of these supposedly unusual ports.
Most of the network devices Shodan finds are password protected. But many are not. It is very easy to find totally unsecured network hard disks, printers, projectors, home automation systems, webcams and other devices. And by unsecured, I mean a single click gets you into the settings and accessing the data. Turn the projector on/off, read the files, view the cameras ...
Shodan will find a lot more - traffic lights, speed cameras, alarm systems. Most will have some degree of protection, but a lot suffer from poor (or default) passwords or have never been maintained and are easily hacked using known 'vulnerabilities'.
The moral of the story: Don't be ignorant about security. Any device connected to a network is potentially accessible by others, including those outside your environment. The firewalls and security systems you implement must be properly installed, systems must be maintained and passwords should always be used, even on seemingly unimportant devices like projectors ... or the network hard disk with all your personal data.
Adam Feldman, Managing Director