The Human Factor Remains the Weakest Link
25 years ago, the arrival of Big Brother on Italian television screens represented a major innovation in the world of communication. Until then, TV had remained in the realm of fiction and shows specifically created to entertain viewers.
The show, which first aired on September 14, 2000, launched a new format, “reality TV”, in which people’s lives themselves, in their most intimate and daily moments, become entertainment. A kind of giant keyhole through which everyone could look.
It’s no coincidence that the show was inspired, even in name, by the dystopian novel 1984 by George Orwell, in which, under a totalitarian regime, the ruling Party, led by “Big Brother”, constantly monitors citizens through the Thought Police and cameras.
Of course, although one might think that reality shows tell stories inspired by the real lives of their characters, they are still television products and, as such, far from authenticity.
Meanwhile, however, to satisfy the forbidden desire to watch others in their private moments without being seen, technology has opened the real keyhole: cameras. These tools are increasingly used by citizens and often installed in private spaces with the aim of protecting security.
According to data from an IoT (Internet of Things) monitoring systems platform, Italy has over 74,000 webcams that are “exposed,” meaning accessible without special skills. The most “spied on” cities are Rome and Milan, with more than 10,000 cameras each.
Privacy violations, besides making victims’ personal and family spheres vulnerable, can expose vehicle license plates, safe codes, passwords, and can even reach, through Internet-connected baby monitors, into children’s bedrooms. A frightening prospect.
Criminals hunting for images to steal are helped by platforms, both free and paid, that function as real search engines for connected devices. The fact that using them for spying purposes constitutes a crime certainly doesn’t discourage the most cunning and motivated cybercriminals.
This is an issue that has been raised multiple times and was recently reopened following the case involving Stefano de Martino and his partner Caroline Tronelli, who suffered a breach of their surveillance system in a private space. The intimate images of the couple were stolen and spread on social media by cybercriminals who are now under investigation by the prosecutor’s office.
As reported on Corriere.it,
“The investigation focuses on how it was possible to create a breach in the surveillance system. The monitoring of the 22-year-old’s residence was programmed through a network of internal cameras.”
As the host explained in the complaint, the system is connected to a modem, linked to the Tim network. This would have been the entry point that allowed the cybercriminal to access the inside of the home. The Privacy Authority has also been involved in De Martino’s complaint, specifically to facilitate the deletion of the images. The Authority has warned that anyone participating in the video’s distribution will incur a penalty.
In short, yet another case of violation that, besides filling summer news headlines, reminds us that what should be security devices for homes or workplaces can easily transform into windows through which private life moments can be not only spied on by strangers but also shared, perhaps without the victims’ knowledge, on various social platforms.
But Why Is It So Easy to Hack Cameras?
The answer often lies in incorrect device configuration and management. Once again, it’s the human factor that opens the doors to opportunistic criminals: excessive carelessness, distraction, underestimation of risk, lack of adequate knowledge – all elements underlying the most common mistakes.
Among these:
- keeping the manufacturer’s default access credentials (e.g., “admin/admin”);
- keeping remote access functionality active, often unknowingly;
- incorrect router configuration that can automatically activate protocols that open so-called “ports” in its firewall, making the camera accessible from outside;
- missing or incorrect configuration of the option that allows webcams to transmit video in real-time without requiring authentication.
In general, an excess of security systems, complex configurations, and data to monitor can often exceed the human capacity to manage them effectively.
Added to this is the fact that too many alarms can overwhelm operators, leading to an increase in false positives and a decrease in the ability to recognize real threats.
The result is a true paradox: an excessive increase in security measures can lead to greater complexity and vulnerabilities, which not only reduce security itself but expose users to increased risks of privacy violations.
What Should Be Done Then to Avoid Danger?
First, implement basic protection measures:
- immediately replace default credentials with strong and unique passwords;
- carefully check camera and router settings to disable unnecessary remote access features or configure them securely;
- ensure that camera firmware and software are always updated to the latest versions released by the manufacturer;
- replace a camera if it has become too old or if the manufacturer no longer releases security updates.
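The common mistakes and the basic protection measures listed above can be turned into a small audit of your own devices. The following is an added example, not part of the original article; the inventory, the router port-mapping table, the field names and the 365-day firmware threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: a home inventory and the router's port-mapping table.
CAMERAS = [
    {"name": "nursery", "ip": "192.168.1.50", "user": "admin", "password": "admin",
     "remote_access": True, "stream_auth": False,
     "firmware": date(2021, 3, 1), "vendor_support_ends": date(2023, 1, 1)},
    {"name": "garage", "ip": "192.168.1.51", "user": "owner", "password": "T7#quiet-Lamp-92",
     "remote_access": False, "stream_auth": True,
     "firmware": date(2025, 6, 10), "vendor_support_ends": date(2028, 1, 1)},
]
PORT_MAPPINGS = [  # (external port, internal ip, internal port, how it was created)
    (8554, "192.168.1.50", 554, "upnp"),
    (51820, "192.168.1.10", 51820, "manual"),
]
DEFAULT_CREDS = {("admin", "admin")}  # the example given in the article
MAX_FIRMWARE_AGE_DAYS = 365           # assumed policy threshold

def audit(cameras, mappings, today):
    """Return {camera name: [findings]} for the mistakes listed in the article."""
    report = {}
    for cam in cameras:
        findings = []
        if (cam["user"], cam["password"]) in DEFAULT_CREDS or not cam["password"]:
            findings.append("default or empty credentials")
        if cam["remote_access"]:
            findings.append("remote access enabled")
        # A router mapping that targets the camera makes it reachable from outside.
        exposed = [m for m in mappings if m[1] == cam["ip"]]
        for ext, _, internal, origin in exposed:
            findings.append(f"router forwards external port {ext} to camera port {internal} ({origin})")
        if not cam["stream_auth"]:
            findings.append("video stream served without authentication")
        if exposed and not cam["stream_auth"]:
            findings.append("CRITICAL: unauthenticated stream reachable from the Internet")
        if (today - cam["firmware"]).days > MAX_FIRMWARE_AGE_DAYS:
            findings.append("firmware older than policy threshold")
        if cam["vendor_support_ends"] < today:
            findings.append("vendor no longer ships security updates: replace device")
        report[cam["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(CAMERAS, PORT_MAPPINGS, date(2025, 9, 1)).items():
        print(name, "->", findings or "no findings")
```

The combined finding is the one to fix first: a forwarded port on its own, or a stream without authentication on its own, is a weakness, but together they put the video feed on the open Internet.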
All these actions once again spotlight human behavior and the need to approach the various technological tools that have become part of our daily lives with great awareness and sense of responsibility.
The Cyber Guru platform focuses precisely on these aspects, aiming to strengthen user awareness through:
- Knowledge: providing users with the necessary understanding to comprehend threats.
- Danger Perception: developing the ability to recognize current and future risks.
- Readiness: improving the ability to correctly react to security incidents.
Technology, in fact, is neutral in itself. The risk that derives from it lies, most often, in a lack of awareness and an incorrect or superficial approach. Strengthening the human factor thus remains the most important challenge to make our private and professional worlds impenetrable, secure, and cybercriminal-proof.