How to protect your router and home security cameras from hackers

0
953

When it comes to digital security, lack of knowledge and complacency can result in serious consequences, including identity theft, financial fraud and a massive loss of privacy.
You try to be vigilant with your computers because they contain so much personal information, but chances are you don’t have the same level of diligence when it comes to your router and home security cameras. Hackers are counting on this.

Router security must be taken seriously
A router is essential to your home wireless network, but most people are clueless about router security. They don’t do the two things that can prevent a hack attack: Change the default password credentials and update the firmware (the router’s internal software).
“Most people buy a router, plug it in, they connect everything they need to connect and they don’t think about it again,” said Lawrence Abrams, founder of the website Bleeping Computer.

Remember, your router is a singular point of vulnerability — the one pathway for all your home’s wireless devices that connect to the internet via your home Wi-Fi.

“If an attacker gets access to that router, they have access to your entire internet life,” said Charles Henderson, head of IBM’s X-Force Red security hacking team. “Most people aren’t going to fix something unless it’s readily apparent that it’s broken, and router vulnerabilities often hide in plain sight. If internet access works, most people assume there’s nothing to fix.”

Router manufacturers don’t always promote security
Most internet service providers now offer a single device that contains both a modem (it connects you to the internet) and a router (it enables all the wireless devices in your home or office to use that internet connection). Some people purchase their own modem and router to eliminate the monthly rental charge. Others buy a router to improve the wireless coverage they get.

Consumer Reports recently released the results of its router testing and found that “many wireless routers lack basic security protections.” CR’s new Digital Lab rated the routers on security and privacy, as well as performance. Only a few models did well in all three categories.

Among the key findings:
While some of the 29 routers tested had important security safeguards built in, such as automatically updating the firmware with the latest security improvements, other models tested were missing some basic protections.
Eleven routers “accept very weak passwords that many websites and workplace accounts would reject,” the editors said. For example, they’ll accept passwords with fewer than eight characters or no complexity, such as “aaaaaaaaa,” or “12345678.”
• “One router didn’t require the owner to change the default login credentials from ‘admin’ and ‘password.’”

“Setting up a good password system is not a difficult thing anymore,” said Bobby Richter, head of privacy and security testing at Consumer Reports. “It’s time to implement modern password systems on as many devices as we can, and I think routers are a perfectly good place to start.”

How to protect yourself
There are things you can do to reduce the risk of a hack attack. Consumer Reports suggests:
Update the firmware: Criminals are constantly creating new malware and hacking techniques. Hardware makers respond by pushing out firmware updates. If your router supports “automatic updates,” turn it on. If that’s not an option on your router, you’ll need to go to the manufacturer’s website every few months to check for new software. If the company has stopped releasing firmware, it’s time to get a new router.

Turn off router features you don’t use that could pose a security risk: This would include remote access (often called Remote Administration or Remote Management) and Universal Plug and Play (UPnP). Many routers now have UPnP turned on by default. Unless you have a device or software that specifically asks for UPnP, turn it off, Consumer Reports advises, because “UPnP has a history of serious security vulnerabilities.”

Change default password: You want something long and complex, that’s not obvious to anyone. If you need a little assist, use a password generator.
Security settings: Some new routers support WPA3 encryption. Make sure it’s turned on. If not, choose WPA2. Don’t use WEP, an outdated security protocol. Consumer Reports found that some new models still make WEP encryption an option. If your current router only has WEP or WPA encryption, get rid of it.

Home security cameras
Wireless home security cameras are reasonably priced and easy to install. Unfortunately, they can also be easy to hack, giving a criminal real-time surveillance footage of your home.
“If you’re dealing with a professional thief, there’s tons of intel they could gather,” said James Banta, a former police detective and home security and safety expert at SecurityNerd. “They can case the place without even being there. They’ll know what’s inside, when somebody is home and when the house is empty.”

If that camera is part of a smart home system, it can provide a way for criminals to access and control the entire system. For example, they might be able to turn off the burglar alarm or unlock the doors.

One of the cool features of an internet-enabled security camera is the ability to watch the video in real time. With an app-based doorbell camera, such as Ring and Nest, the risk of a hack attack is pretty low, security experts tell NBC News BETTER. But setting up security cameras on your own and connecting them to your Wi-Fi network is problematic.

“Don’t do that,” Abrams of Bleeping Computer cautioned. “If you can do it, anyone else can do it. By allowing these DIY cameras to be accessible online, you’re just opening yourself up to being hacked.”

How to protect yourself
Reduce your chances of having your home security cameras hacked, by following this advice from Consumer Reports:
Keep firmware up to date: If your camera doesn’t automatically download and install these updates, you’ll need to check. Look for an update button under the settings menu in your camera’s app.
Change default password: As with all your passwords, it needs to be strong and unique and not used for any other account.
Set up two-factor authentication, if available: Enable this security feature and you’ll get a one time-use passcode via text, email, call or authentication app, that must be entered (along with username and password) to log into your account. This can foil a hacker who cracks your password. Without that code, their access is blocked.