A surveillance camera system will have to be shut down for kindergartens in the UK as a serious data breach threatens privacy. A security hole in the monitoring system, known as a nurserycam, reveals the credibility of the participating parents. First IT portal The Register gave information about this.
Free login password
NurseryCam is set in a variety of kindergartens in the UK and allows parents to see their descendants from afar, as they have departed from there. To do this, it uses multiple cameras and a digital video recorder (DVR). To that end, the company behind the FootfallCam monitoring system provides parents with login information. However, a serious security hole in the system has led to the fact that data from parents’ accounts can be read in a will – including a username, password, real name, and email address, to register reports. The company then informed the affected people and shut down its server until the problem was resolved. There are 40 kindergartens affiliated in Great Britain.
An unspecified person made NurseryCam aware of the security gap and asked them to improve security. The company announced that the person – apparently a well-meaning ‘white hat’ hacker – had behaved “responsibly” and apparently did not want to do any harm to the data. In addition, the company believes that neither the kindergarten children nor the employees were seen illegally, but provides no evidence to support this notion. The BBC quoted the company as saying that it would shut down the server as a precautionary measure.
Administrator access to all
The company also informed the British Information Commissioner’s Office (ICO) about the incident. Companies in the UK are required to report data breaches of “significant impact” to the ICO within 24 hours. NurseryCam itself was reported to have a security vulnerability on Friday.
However, as the register continues, the security of the camera system was already clear. Everyone was able to gain administrator access through the respective mobile app and thus avoid logging in as a user. It is said that the company was made aware of this in early 2015, but narrowed the search and later closed the drawback.
IT security specialist Andrew Terni (also known as “Cyberg Ribbon”) also came to know of the vulnerability in NurseryCam and also contacted the person who discovered the vulnerability. He published a warning to everyone using the system, in which he described in detail the functionality and weaknesses of the system (and also addressed differences from 2015).
Organizer. Zombie aficionado. Wannabe reader. Passionate writer. Twitter lover. Music scholar. Web expert.