Security News > 2021 > February > UK's National Cyber Security Centre sidles in to help firm behind hacked NurseryCam product secure itself

The UK's National Cyber Security Centre is now helping IoT gadget firm FootfallCam Ltd secure product lines following the recent digital burglary of its nursery webcam operation.

Company director Melissa Kao confirmed to The Register that the NCSC, a sibling of UK spy agency GCHQ, was helping the company shore up security after its NurseryCam product was hacked last week.

As its name suggests, NurseryCam is a product deployed in daycare centres so parents can have a look at how junior is getting on.

The company needs NCSC's help: although we previously reported that users' passwords were hashed in storage, emails from the company shown to The Register by horrified parents confirmed that they were being stored without any encryption at all.

The point of access was, we were told, a poorly secured Odoo business apps server instance that used a default admin password for its web interface, seemingly relying on security through obscurity.

IoT infosec researcher Andrew Tierney, who closely scrutinised the NurseryCam product, confirmed to The Register that the Odoo instance existed not long after we were tipped off about it, though it has since been made inaccessible.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/25/ncsc_nurserycam_security/