After a long tiring day at work, home is the place you want to be. It is our private and secure space, and we feel no one can breach this periphery. However, 50,000 Singaporeans have been robbed of this feeling. The very device that was installed for the homeowner’s security has been hacked. The security home cams that often help office goers to keep an eye on their kids or elders back home have been hacked. Some private and explicit footage stolen from these home cams has landed upon certain adult sites for paid viewership.
- Nearly 50,000 Singapore home cams were hacked and over 3TB of data was leaked.
- A small minority of victims coming from countries like Thailand, South Korea, and Canada are also reportedly affected.
- Cybercriminals have put up a free online demo of 700MB footage consisting of nearly 4,000 clips.
- The duration of these clips ranges from under a minute to as long as 20 minutes.
A Singapore-based tabloid, The New Paper, first broke the story quoting that the unnamed hacker group shared these clips with over 70 members who have paid a premium of US$150 for lifetime access to the entire database. The tabloid also mentioned that the operatives of this gang have an active group on the instant messaging app Discord with nearly 1,000 members from around the globe.
To prove credibility to their claims, the gang is said to be offering a free sample containing 700MB worth of data comprising over 4,000 clips and pictures. In all, it is believed that the videos that range from durations of less than a minute to almost 20 minutes. The stolen data has a collective size of 3TB. Although a significant number of clips appear to be from IP-based cameras in Singapore, a few minute observations in certain videos show that a small minority of victims appear to be from other countries like Thailand, South Korea, and Canada. Experts believe that the cybercriminals are exploiting a vulnerability in a specific brand of home cams that are being majorly used in Singapore.
Apart from this, the cybercriminals are incentivizing people to buy VIP membership to the content by offering free tutorials for VIP members where they would be taught to “explore, watch live, and even record” home cams after hacking. This also means that the number of private videos could grow over time.
Jake Moore, Security Specialist at ESET, said, “As worrying as it may seem, this comes as a clear reminder that when cameras are placed on the internet, they must be properly installed with security in mind. When smart devices are set up, they are still regularly placed around the home with no second thought for privacy.”
Poor passwords, irregular patch application of updates, or a sheer case of penetration into IoT devices, whatever the reason may be, security and privacy of smart devices should never be taken lightly as these can cause major implications in future as evidently seen in this incident.
Xiaomi Security Camera Bug Shows Other Homes’ Camera Feeds