By Alwyn Scott
A middle-aged man wearing a sweatshirt removes an elderly woman’s clothes and begins wiping her body late one night at a house in Hyogo Prefecture. Could they be mother and son? Soon after, the man fills a washbowl with water and carefully washes her hands. They then eat a meal together. On another day, the woman is seen sitting on a chair for a long time.
These scenes are part of the footage aired around-the-clock on the Internet. For five years and eight months, the two did not realise that their daily lives were being “broadcast live” via a camera set up inside their house.
In March 2008, the man signed up for a service enabling users with computers and smartphones to remotely monitor what elderly family members were doing through footage transmitted from cameras set up inside their homes. The man paid a monthly fee of 840 yen (about $8) for the service provided by a subsidiary of Jupiter Telecommunications Co, Japan’s largest cable TV station.
However, the man did not know that if users do not change the initial settings of the service, the footage will be automatically broadcast online, allowing anybody to watch. To limit access to only the user and the service provider, users need to change the “user management” status. However, a notice to users about the default setting was not easy to understand.
At one point, 125 households were signed up for the service, but nine did not change the default settings. The subsidiary admitted it was at fault, saying, “We should have given a thorough verbal explanation on the matter when the contracts were signed.”
So-called network cameras began circulating in the domestic market from around 2005. According to Yano Research Institute, a market research company, about 400,000 network cameras are now sold annually. Cameras produced by Panasonic Corp — a leader in the field — are all initially set to allow everyone to watch the footage online.
Some websites have even compiled videos from such cameras. One such site shows footage of children taking a nap at a kindergarten in Tokyo and a woman relaxing as a hairdresser washes her hair. Some cameras allow remote users to change the viewing angle or zoom in.
Such risks are not limited to network cameras. The number of electrical appliances connected to the Internet — such as TVs and multifunction printers — has steadily increased.
In February 2013, major household equipment manufacturer Lixil Corp released a high-tech toilet on which users can control the temperature of the toilet seat and the volume of water, using their smartphones as a remote control. However, it took only six months for a security company to discover that the toilets “can easily be controlled from outside” because the initial password for administrators was set as 0000.
“It is not rare to find the passwords of Internet-connected electrical appliances left unchanged from such simple passwords,” said Fumiaki Yamasaki, a specially appointed professor at the University of Aizu who specialises in information security.
According to Yamasaki, it is even easy to find the default passwords for such appliances based on makers or models of machines online.
Despite such concerns, appliances are becoming more IT-friendly by the day. The Electrical Appliance and Material Safety Law has banned such electric appliances as air conditioners and refrigerators from allowing remote access, but the regulations were relaxed in May 2013.
Though nobody is touching it, the steering wheel of a Toyota Prius suddenly begins to rotate rapidly. Then, out of nowhere, the brakes are engaged. When such a scene occurred at DefCon, an annual hacking competition held in Las Vegas in August, the audience was floored.
In this experiment, the vehicle was being piloted by an expert who connected a notebook computer to the Prius. However, according to the expert, the car can be remotely controlled via wireless communication.
The risk of a car being remotely controlled has increased due to the recent development of unmanned vehicles, or so-called driverless cars.
The vehicles are equipped with cameras and sensors to control the steering wheel and brakes through computers. Google has been conducting experiments on public roads to put driverless cars — which can make turns and detect signals without a human driver — to practical use. Japanese automakers have begun such experiments on public roads, eyeing a product release by 2020.
Unmanned driving has been dreamed of as a technology that would allow more disabled and elderly people to drive and alleviate traffic congestion. However, as driving becomes more convenient through the addition of networked features, it will inevitably acquire the risk of being hacked.
“Many people know the risk of personal computers being hacked. However, only a few people understand that similar risks exist with electrical appliances and cars,” Yamasaki said.
WP-Bloomberg
