Criminals can watch baby monitors and smart cameras over the internet by default, security chiefs notify.
The National Cyber Security Centre (NCSC) is cautioning people to adjust the settings after buying them.
Easy-to-guess default passwords might permit a hacker to see a home via connected devices secretly, it said.
Dr. Ian Levy, The NCSC’s technical director, warned though the devices were “fantastic innovations,” they were susceptible to cyber-attackers.
There are many cases of devices being accessed without permission.
In one instance, the attacker spoke to a young girl, acting as if to be Father Christmas.
In another, a pair from Leeds had been watched thousands of times online without their knowledge.
And security researchers easily penetrated an adult toy that had a camera attached, in 2017.
The new direction for owners of smart cameras proposes three steps:
- changing the default password, which is usually an obvious word like”00000″ or “admin” to a difficult, unique one
- maintaining the camera’s software, occasionally called firmware, updated
- turning off features that let you check the cameras distantly if you don’t need or use it
This warning suggests rising concern about the possible dangers posed by the “internet of things”.
As connected devices crawl into people’s homes and daily lives, cyber-security risks are becoming strongly personal, with challenges in guarding people’s data and privacy.
Cameras that deliver details of what is going on inside your house are a primary example.
One of the issues is the companies making these gadgets often try to make them cheap and fast to seize the new market – and security is often a second thought if it is thought about at all.
The problem is moving towards not just more warnings such as this one but also new laws to assign security standards.
Consumer group Which?, which has emphasized security flaws in the past in children’s toys and other smart devices, supported the new advice.
It declares “mandatory security requirements and strong enforcement” are needed.
In January, the government publicized plans to bring in a new law to require all makers selling smart devices in the UK to follow new rules.
But while such rules are “a positive step”, some experts believe they could go further.
Extra steps could include mandatory two-factor authentication, according to Blake Kozak, a smart home expert with Omdia.
“More comprehensive legislation will be needed to implement best practices by brands, from the constituents in the devices to the security of data centers,” he said.
The NCSC’s newest guidance also suggests disabling UPnP (universal plug and play) and “port forwarding” in the settings of your internet router – technologies usually used by legitimate services such as online gaming.