Avast Blog_Security News: What is credential stuffing, and why is my smart security c

[harlan4096]

Protect yourself from one of today’s top threats and keep hackers from your security camera accounts

Imagine that the very security tool you put in place to keep intruders out of your home is suddenly being used as a doorway in. This nightmare is a reality for an increasing number of victims.

As reported by The Washington Post, the California mom of a toddler was horrified by this type of discovery. After hearing her daughter repeatedly talk about “a monster” in her room, the woman uncovered something more disturbing. Hackers had somehow taken over the family’s security cam account and started using the intercom feature to transmit pornographic audio into her 2-year-old’s room.

Unfortunately, this experience is not unique. Hackers hoping to exploit weak security features will try to open the metaphoric doors of consumer products like security cams every chance they can. Also, a technique called “credential stuffing” has evolved into an effortless hack for even a novice cybercriminal.

Why are security cams easy to hack?

Security installed on Nest security cams and other IoT consumer devices can create what Silicon Valley insiders call “friction” – barriers that keep a user from having a smooth and successful experience with the product. Examples of friction include too many screens to tap through, too complicated an assembly instruction, too inconvenient a security procedure, and so on. The less friction a product has, the wider its appeal.

Because IoT tech can intimidate anyone who is not digitally well-versed, new products have to seem easy to set up and easy to use. To draw the most customers, some IoT developers choose not to add even basic security setup features like prompting a default password change or 2-factor authentication (2FA). Weak security like this leaves your home network vulnerable to cyberattacks, including one of today’s most popular exploits — credential stuffing.

What is credential stuffing?

Credential stuffing is one of the simplest cybercriminal exploits, a favorite among hackers. Using this technique, the criminal collects your leaked credentials (usually stolen in a data breach) and then applies them to a host of other accounts, hoping they unlock more.

For example, let’s say you shop online at Target, and hackers breach the company’s database. Using your stolen credentials, they can then use credential stuffing to attempt logins on bank sites, social media sites, email servers, and more. If you’re like the majority of users out there, you reuse credentials. Hackers count on it.

Advancements in technology have made it easier than ever to launch a credential stuffing exploit. As TWP reports:

A new breed of credential-stuffing software programs allows people with little to no computer skills to check the log-in credentials of millions of users against hundreds of websites and online services such as Netflix and Spotify in a matter of minutes.

How do I make sure nobody hacks my security cam?

Check out our 5 tips for protecting your security camera from cybercriminals. Critically, make sure you always use a unique, complex password for logging into accounts, such as for IoT devices.

Continue Reading