Personal data stores found leaking online

Posted: 09/09/2014

RPS can report that a BBC investigation has shown that thousands of Britons could be inadvertently sharing their digital secrets with anyone who knows where to click.

At risk are photographs, home videos and music collections as well as scans of documents such as passports, tax forms and other sources of personal data. In some cases, back-up files are being made available that, if downloaded and restored, could let attackers take over a victim's online life.

Security firms suggest that attackers have already found out about this easy-to-access source of saleable data and are starting to actively seek it out and share it.

Those at risk are people who use home data storage devices known as Network Attached Storage (NAS). Correctly configured, these devices act as a common data store accessible by any other device connecting to that home network.

However, many people have set them up incorrectly and have accidentally made this data accessible not just to their home network but to the internet at large. Accessing this data is as easy as visiting any other webpage.

Private files

To find out how many people are accidentally sharing their data online, the BBC turned to the Shodan search engine. While Google, Bing and others seek out data on the net, Shodan looks for devices.

In the past, security researchers have used Shodan to expose insecure and poorly protected computers controlling industrial plants, power plants, heating and ventilation systems and CCTV streams.

Working out which of these devices are sharing personal data is difficult because British computer misuse laws do not allow the BBC to visit them to see which are happy to share data with anyone.

Independent corroboration of the BBC's findings has been given by security firm Digital Shadows. Among other things, the firm helps large businesses find out how much information about them is being shared online. As part of this work, Digital Shadows carries out surveys that seek places where internal data leaks out on to the net.

People should check to ensure that their files are configured to surrender data only to devices within their home network, he said.

The default state of many devices is to share widely and often owners have to make a specific choice to restrict access.

Network-attached storage uses cheap hard drives to form a large data store.

One such attack took place in February when Poland's Computer Emergency Response Team reported details of an attack on routers that installed snooping software on vulnerable devices. This software watched data traffic passing out of the device, grabbed any that related to online banking and passed it back to the gang behind the attack.

Unfortunately, he said, the poor security on many routers meant that success was almost guaranteed for attackers that targeted home hardware.

"Manufacturers could make them better but it would cost them development time and money," he said. "I have not seen any that do things like encrypt passwords and all are designed to use just rudimentary security controls."

It is worth consumers taking a little time to protect themselves, says RPS.

For any travel or security advice please contact RPS at [email protected]

To read the full article please view here: http://www.bbc.co.uk/news/technology-28707117

Photo: with thanks to Thinkstock
