Register
 (photo: )
24.11.2020, 12:53

A Statement on Smart Doorbells from 2N

Residential, Data Security, United Kingdom

Tomáš Vystavěl, Chief Product Officer for IP intercoms manufacturer 2N, responds to a BBC News report broadcast yesterday that consumer advice brand Which? is calling on the UK government to safeguard buyers of smart doorbells.

 

Physical and virtual attackers can use intercoms and access control devices to discover passwords, "eavesdrop" on unencrypted conversations and gain full access to data, applications and personal property to perpetrate ransomware and man-in-the-middle attacks, or even sneak into the building.


Installing a smart doorbell offers users convenience, flexibility and home security. But as Which? has identified, consumers must look for excellent security standards, not just a good user experience.

 

The 2N® Indoor View uses 2N’s own operating system to provide users with the highest levels of security and protecting their personal data. No one wants to unwittingly give hackers opportunities to access their personal information.

 

Consumers are therefore strongly advised to do their research before choosing a video intercom device.


Prevention 

The following are high risk factors for security breaches:

  • Flaws in the operating system coding which would enable hackers to gain full access to the intercom device
  • Web security weaknesses that allow an attacker to carry out random operating system (OS) commands on the server that is running an application, thus enabling access to the application and all its data
  • Vulnerabilities in the system that allow a remote attacker to upload a manipulated ringtone file which could enable a complete system takeover
  • Unsecured, non-encrypted communication that allow an attacker to listen in the conversation (man-in-the-middle attack)

 

Additional advice

  • Choose a reliable, bespoke security solution tailored specifically for ICS environments that keeps your network secure at all times.
  • Create an independent network - dedicated exclusively to devices that handle sensitive information; using the virtual LAN (VLAN) and ensure that manufacturers of installed devices or software use implementation protocols such as HTTPS, TLS, SIPS or SRTP by default.
  • Protect the IoT ecosystem: create a separate network for IoT devices, choose a strong password for the router, never install new electronic devices without checking the manufacturer and security standards.
  • Create different accounts with different privileges: a user will only be able to make changes related to their specific tasks, while the administrator will be given greater privileges to manage the building and all linked accounts.
  • Update the software regularly: installing the latest firmware version on devices is important to mitigate cybersecurity risks. Each new release fixes bugs found on the software by implementing the latest security patches.
  • Use strong complex passwords of at least six characters and consisting of a combination of numbers, letters and symbols.
  • Conduct regular security audits of the IT infrastructure to identify and eliminate possible vulnerabilities.

 

 

Article rating:

vote data

Leave a reply

Holding a mirror up to the industry: Jeff Dewing, Cloudfm CEO. (photo: Cloudfm Group)
News Editor  - 31.03.2021

Exposing Widespread FM Failures in the UK

A potentially explosive book by Cloudfm CEO, Jeff Dewing, contains allegations of widespread corporate failings in the UK's £120 billion market for facilities management services.

 (photo: Mindspace)
Efrat Fenigson  - 25.03.2021

Why Employees Need Better Options

Efrat Fenigson, Mindspace VP Marketing, explains why decisions about remote work require companies to look beyond possible financial savings.

 (photo: Compass Group UK & Ireland)
News Editor  - 18.12.2020

Providing 20,000 Meals to Those in Need

The Wimbledon Foundation has extended its support for organisations addressing food poverty at Christmas and beyond as part of its response to COVID-19.

 (photo: CPD Global)
News Editor  - 18.12.2020

Ecolab Named to CDP A Lists

The Carbon Disclosure Project (CDP) has added Ecolab to its A List for Climate, as well as Water Security.

 (photo: Bodet SA)
News Editor  - 17.12.2020

Enhancing Home Worker Visibility

Bodet have extended the coverage of the Kelio time and attendance software solution to staff working at home.