IT

Security Camera Hacking: It Can Happen You.Here’s how to stop this

Chris Monroe / CNET

Installing a Wi-Fi-connected security camera in your home doesn’t necessarily bring a wave of hackers to your network, but it’s surprisingly common to lose privacy due to security flaws in your device. last year, ADT Home Security The customer noticed an unfamiliar email address connected to his home security account. This is a professionally monitored system that includes cameras and other devices in your home. That simple discovery and a report to her company about it began to beat a long line of dominoes. Spy technicianOver the course of four and a half years, we’ve seen hundreds of customers lead their private lives, undress, and have sex.

ADT says it has closed a loophole exploited by technicians and implemented “new safeguards, training and policies to enhance account security and customer privacy.”But privacy invasion Not specific to ADT Several Vulnerability It’s harder to protect than others.

Whether you use a professionally monitored security system such as ADT Comcast Xfinity Also Vivint, Or there are some stand-alone cameras from off-the-shelf companies such as ring, Nest Also ArloHere are some ways you can help protect your device security and data privacy:

Is my security system vulnerable?

It is helpful to understand device vulnerabilities before you start solving device security issues. For real that is.

Major professionally monitored security systems-and Google Nest When wise -Includes almost entirely high-end encryption (scrambles messages in the system and allows access through keys). This means that as long as you keep your app and device updates up-to-date, you shouldn’t be afraid to be hacked by software or firmware vulnerabilities.

Similarly, many security companies that use professional installers and technicians take strict steps to avoid exactly what happened at ADT. The Security Industry Association, a third-party group of security experts, advises manufacturers such as ADT on privacy and security issues.

“The security industry is getting a lot of attention [the issue of privacy in the home] “We continue to strive to help member companies protect their customers,” said Catherine Carroll, chair of the SIA’s Data Privacy Advisory Board, since 2010.

wyze-brand-update-09-1-20-191

Security cameras are getting cheaper year by year, but that doesn’t mean customers are willing to give up their privacy.

wise

Some professionally monitored systems, such as Comcast and today’s ADT, address the issue by strictly limiting the actions that technicians can take when assisting customers with their accounts. For example, prohibit adding email addresses to your account or accessing recorded clips.

“Comcast has a team dedicated to camera security,” a Comcast spokeswoman said. “Our technicians and installers do not have access to your video feeds or recorded videos that only a small group of engineers can access under monitored conditions for issues such as technical troubleshooting.”

A spokeswoman for home security company Vivint said, “Only customers can decide who has access to the Vivint system, including video feeds.” “Administrator users can add, remove, or edit user settings, and … we perform various automatic and manual audits of the system on a regular basis.”

With DIY systems, customers set up their own devices to give technicians access to key points. However, if the customer chooses additional monitoring, this is often offered with the individual product and can complicate the issue.

ring-battery-cam-4

Whether you’re choosing a professionally monitored security system or a DIY alternative, you can buy more cameras than ever before.

Óscar Gutiérrez / CNET

One such company, Frontpoint, said in an email that it severely restricts personnel access to customer information, for example, prohibiting agents from viewing customer camera feeds. For troubleshooting or other types of assistance purposes.

A representative of SimpliSafe, another developer who straddles the line between DIY and professionally installed home security, answered questions about the procedure more broadly. This relentless focus includes both internal and external security protocols. “

In short, security companies seem to be consciously using multiple levels of security to protect their customers from potential abuse by installers and technicians. Even if the process of doing this is not completely transparent. But even if they are effective, that doesn’t mean your smart camera is completely safe.

How do I access the camera?

In the case of ADT, the technician didn’t have to technically hack, but what if hacked? teeth Involvement?There is In many cases of Remote hack, in the end.And even High quality device with high level of encryption Given the right circumstances, it is not always safe from hacking.

FortiGuard security expert Aamir Lakhani told CNET that there are two main ways hackers can control video feeds: local and remote.

To access the camera Locally, The hacker must be within range of the wireless network to which the camera is connected. There, you need to access your wireless network using a variety of methods, such as brute force guessing your security passphrase or spoofing your wireless network to interfere with the actual passphrase.

Within local networks, some older security cameras are not encrypted or password protected, as the security of the wireless network itself is often seen as sufficient deterrent to prevent malicious attacks. Therefore, once connected to the network, hackers need to do almost nothing else to control cameras and potentially other IoT devices around their home.

img-6190

Hacking a router directly locally is one route to access security camera feeds, but it is not common.

Ry Crist / CNET

However, local hacking requires a targeted intent and is unlikely to affect you. remote Hacking is a much more likely scenario, eg Occurs quite often in the news cycle..As common as Data breache -like Equifax Also delta -Login credentials can be abused and there is not much you can do to prevent it other than changing your password frequently.

Even if your security company (whether professionally monitored or not) has strong security and end-to-end encryption, you’re using it elsewhere on the Internet. If you use the same password for your account and those credentials are compromised, your privacy will be compromised. At risk.

Also, if your device is out of date, running older software, or using products from manufacturers that don’t prioritize security, your privacy is much more likely to be compromised.

For hackers with a little know-how, finding the next target in an unsecured video feed can be Google search only.. A surprising number of people and businesses set up security camera systems and never change their default usernames and passwords. Specific website, Shodan.io etc.Show how easy it is to access unsecured video feeds like these by aggregating them for everyone to see.

How to know if you have been hacked

It would be almost impossible to know if it’s your security camera-or more nervously, Baby monitor -Hacked. The attack is completely unnoticed by the untrained eye, and most people will not know where to start the check.

The warning signal for malicious activity on a security camera is slower or inferior to normal performance. “Many cameras have limited memory, and when an attacker uses the camera, the CPU cycle can become very difficult and normal camera operation can be almost or completely unusable,” Lakhani said. I am.

Again, poor performance isn’t just an indication of a malicious attack. It could be a perfectly normal description, such as a internet connection or a drop in wireless signals.

Echo Show-8-2

Some devices, such as Amazon’s new Echo Show display, have a physical shutter to cover the camera when not in use.

Chris Monroe / CNET

How to protect your privacy

There is no system that is impervious to attacks, but some precautions can further reduce the chances of being hacked and protect your privacy in the event of a hack.

  • Use cameras from reputable manufacturers, whether they are part of a professionally monitored security system or a DIY device.
  • Use a camera with a high level of end-to-end encryption.
  • Change your credentials to something that is not easily guessed (especially avoid using passwords that are already in use with other online accounts).
  • Update your camera’s firmware frequently or whenever possible.
  • use Two-factor authentication If you can.

Another important step is simply to avoid the conditions of privacy invasion. Hacking is unlikely and can be avoided for the most part, but moving the camera away from the private room and pointing it at the front door of the house instead is a good way to avoid the worst potential consequences of hacking.

Lakhani also suggested placing a standalone security camera on its own network.This will definitely fail your plan Perfect smart homeHelps prevent “landing and expansion,” the process by which an attacker gains access to one device and uses it to control other connected devices on the same network.

You can go one step further and use a virtual private network. VPNIt further limits the devices that can access the network to which the security camera is connected. You can also log all activity on the network to make sure nothing is wrong with it.

Again, it is very unlikely that you will be the victim of such an attack, especially if you follow the most basic safety precautions. Using the above steps provides multiple layers of security, making it even more difficult for an attacker to hijack.

Correction, February 11th: Earlier versions of this article were misunderstood when ADT sought advice from SIA. ADT’s work with SIA preceded the discovery of technician abuse last year.

https://www.cnet.com/home/security/security-camera-hacking-it-can-happen-to-you-heres-how-to-stop-it/#ftag=CADf328eec Security Camera Hacking: It Can Happen You.Here’s how to stop this

Back to top button