SINGAPORE – Internet home security cameras came into the spotlight again in December last year when dozens of United States customers took up a class action lawsuit against popular smart camera-maker Ring after they were harassed by people who hacked into their devices.
Some hackers allegedly issued death warnings, threatened sexual assault and spewed racial slurs through the victims’ smart cameras from Ring, which is owned by tech giant Amazon.
The customers accused Ring of not giving adequate responses to them and failing to sufficiently update the security measures for its smart camera service.
Internet camera hacking has happened here too. Last October, it was reported that home security cameras were hacked, with footage stolen and circulated online.
Faces were clearly visible in many of these videos, which included private or compromising ones of couples, breastfeeding mothers or children.
How exactly do home cameras get hacked, and what can the consumer do about it?
Getting hacked
Many intrusions of privacy stem from compromised passwords and not security weaknesses with the hardware.
This means that hackers had gained access to the accounts linked to the home cameras and thereby the footage too.
The top culprits? Reused and weak passwords.
According to a 2019 Google-funded study, two out of three (65 per cent) adult users in the US said they either reuse the same passwords for multiple accounts or use similar passwords for all their accounts.
Many people likely still reuse passwords because they underestimate the ease with which this practice can be exploited.
There is a thriving underground trade in credentials and personal data compromised through various security breaches.
From e-commerce sites to cloud storage services to social media networks, many online services that people use have suffered a data breach at some time that culminated in the theft of passwords and usernames.
A lot of this information ends up online where it is exploited to perform “credential stuffing” attacks. This is where hackers take compromised account names and their corresponding passwords and test these login details on various online accounts, in the hope that one can be unlocked because the stolen details were reused for that account.
Credential stuffing is far easier than it sounds. Automated tools that can scan scores of the top online services are easily available, allowing novice hackers to find vulnerable accounts with the click of a mouse.
Hackers can also find the right password by making repeated attempts to log into an account.
Again, specialised software can churn through hundreds of thousands of passwords to break into accounts secured with poor passwords. The software never tires and can run for days or weeks on end.
Less common today is the exploitation of home cameras that are poorly designed.
Brand-less home cameras or old, Internet-capable cameras that are no longer maintained are especially vulnerable, though this can happen to devices by brand-name manufacturers as well.
Protecting your family
What can consumers do to keep high-tech voyeurs out of their homes? The most important thing you can do is to use a strong password – one that is not used anywhere else.
Both concerns can be addressed in one fell swoop with a good password manager, which can generate unique, strong passwords and remember them for you.
If your home camera is cloud-based and offers two-factor security, make sure to enable it too.
The next step is to ensure that the latest firmware updates are applied. Cloud-based cameras generally keep themselves updated, though some might require you to update the firmware through a mobile app.
When choosing a security camera, go for trusted brands and avoid older models that are no longer actively supported.
For this reason, it is probably not a good idea to buy a five-year-old Internet-enabled camera from an e-commerce site.
Cyber security is a constantly evolving area. While some home camera manufacturers have implemented advanced security features, not all have done so.
Hence, it makes sense to work on the assumption that your home cameras will eventually be compromised.
This means applying common sense in the placement of your cameras, angling them away from bathrooms and bedrooms.
Also, treat your home cameras as one would a security camera in a mall or a public location, and have family members moderate their behaviour accordingly.
Finally, while the cost of storage space is at an all-time low, few people have a need to hoard months of recordings. Set a reasonable period of a week or two to retain your cameras’ recordings and discard old footage that you do not need.