Security News > 2021 > February > UK's National Cyber Security Centre sidles in to help firm behind hacked NurseryCam product secure itself
The UK's National Cyber Security Centre is now helping IoT gadget firm FootfallCam Ltd secure product lines following the recent digital burglary of its nursery webcam operation.
Company director Melissa Kao confirmed to The Register that the NCSC, a sibling of UK spy agency GCHQ, was helping the company shore up security after its NurseryCam product was hacked last week.
As its name suggests, NurseryCam is a product deployed in daycare centres so parents can have a look at how junior is getting on.
The company needs NCSC's help: although we previously reported that users' passwords were hashed in storage, emails from the company shown to The Register by horrified parents confirmed that they were being stored without any encryption at all.
The point of access was, we were told, a poorly secured Odoo business apps server instance that used a default admin password for its web interface, seemingly relying on security through obscurity.
IoT infosec researcher Andrew Tierney, who closely scrutinised the NurseryCam product, confirmed to The Register that the Odoo instance existed not long after we were tipped off about it, though it has since been made inaccessible.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/25/ncsc_nurserycam_security/
Related news
- Shape the future of UK cyber security (source)
- A closer look at the 2023-2030 Australian Cyber Security Strategy (source)
- The ROI of Security Investments: How Cybersecurity Leaders Prove It (source)
- DOJ: Man hacked networks to pitch cybersecurity services (source)
- Australia Passes Groundbreaking Cyber Security Law to Boost Resilience (source)
- Top 5 Cyber Security Trends for 2025 (source)
- UK Cyber Risks Are ‘Widely Underestimated,’ Warns Country’s Security Chief (source)
- Strengthening security posture with comprehensive cybersecurity assessments (source)
- Overlooking platform security weakens long-term cybersecurity posture (source)