The Police post foiled one webcam network who sneakily spied on Italians at home or in the changing rooms of gyms and swimming pools. The ‘voyeurs’ only had to pay a subscription from 20 euro to have access via Telegram to private moments in the life of strangers. Alessio Aceti, CEO of Sababa Securityexplains the Spycam threat and how to manage this type of risk.
Sababa Security comments on the Spycam network, which spied on Italians
The CEO of the security company Sababa Security (who recently spoke to us about Cyber Intelligence with an expert), starts by observing the situation: technology and cameras are now everywhere. “Today we are surrounded by various types of “smart” devices such as smart intercoms that allow us to answer the courier remotely. Or even the IP cameras that allow us to comfortably monitor our home and our children from our smartphone up to washing machines, boilers, refrigerators, home automation and alarm systems that are controlled by apps and through the internet “.
However, Aceti explains that “The first important point to take into consideration is that users, as well as companies, are not aware of the risks associated with these devices. Today anyone who uses a PC or a smartphone knows in some way the security risks even for all the news we hear every day relating to ransomware and other cyber attacks “. Instead “The “smart” systems, on the other hand, are considered by users, especially domestic ones, as “disconnected” objects.
How do hackers access webcams?
The CEO of Sababa Security explains to us that there are two main mechanisms for which hackers like those of Spycam they use to gain access. Vulnerabilities are often exposed online. “These IoT devices, if published on the internet, are constantly indexed by” internet scanners “such as Shodan.io”.
Alternatively, they find contacts after a supply chain attack. Attacking them is easier because “they are often managed by the so-called“ shadow IT ”. For example, the camera and access control systems are managed by external contractors, who do not update the devices and maintain the same credentials on all customers. In addition, these devices are often old and “out of support”, so the manufacturer no longer releases updates “.
How to protect yourself?
Aceti explains that for us consumers, attention must be maximum. Indeed “private users should update devices regularly, use strong passwords. And consult an expert in case of doubts and do not publish any type of information on the internet. If you use external installers, you need to find out which is the correct way to protect yourself from cyber risks. Furthermore, it is always better to use well-known brands: Alexa is better than the Chinese device bought on Alibaba “.
For companies, on the other hand, it is necessary to turn to experts such as those of Sababa Security, capable of
- offer an inventory of all smart / iot devices connected to the corporate network
- manage firmware updates for these devices
- knowing how to manage vulnerabilities
- manage devices out of support from the manufacturer
- identify any use of default credentials
- manage credentials, and provide secure access to colleagues and external suppliers, without compromising the integrity of the credentials themselves
Find more information on the Sababa Security website.