Are Your Home Security Cameras Safe?

You need to have eyes everywhere. With the countless sources of danger that exist everywhere from the grocery store to the park, you have to constantly remain alert and watchful. This is especially true for many when it comes to their homes, the personal sanctuaries they share with family and loved ones. Homes are major financial and emotional investments, so homeowners always want to keep their eyes on them when they’re there and also when they’re away. Of course, Internet-based home surveillance systems are the go-to choices for setting up 24/7 monitoring of homes. These online surveillance systems typically utilize Internet cameras, also known as Internet Protocol (IP) cameras or network cameras. Internet cameras send and receive data through the Internet or a computer network like a local area network (LAN). By employing this online connectivity, IP cameras allow homeowners to access live security camera feeds of any room in their houses from a computer, tablet, or smartphone as far as thousands of miles away. What’s especially useful about home security cameras is that not only can they detect and deter potential intruders, but they can be used to observe the behaviors and activities of anyone residing or working at your home, including children, babysitters, repairman, and more.With all of the safety and protective benefits that home security cameras offer, you would think that these cameras themselves are safe and impervious to threats, right? Wrong. Unfortunately, just like all other devices connected to the Internet, collectively called “Internet of Things” or IoT devices, IP cameras, especially wireless versions, are vulnerable to online attacks like hacking that can lead to invasion of privacy and information theft. The thought of unknowingly being watched in a place as sacred as one’s home is enough to drive many to toss out their security cameras and all the benefits they offer. However, what this security risk means is that, just like many Internet-connected devices, these cameras are essentially little computers that need to be treated and protected as such, not as the simple standalone devices that they used to be decades ago. Here are some concerns to keep in mind with IP home security cameras and measures you can take to minimize threats to them and your home.

Security Risks to Internet Security Cameras

Local Attacks

Cyber thieves within some immediate physical distance of wireless networks of potential victims just need to infiltrate the network to ultimately access the cameras. They can break into a network by using brute force to crack the password, or they can find vulnerabilities in the Wi-Fi network to set up their own connection in between the victim’s computer and a server to intercept data in a Man in the Middle (MITM) attack. Once the thief has made it into the wireless network, if security cameras are their ultimate targets, then they typically count on the camera feeds not having any SSL/TLS encryption set up or not having any password protection in place. Unfortunately, this is the case for many home security cameras. Camera manufacturers usually sell cameras without having password protection for the camera feed set up by default, often to make set up easy for users. Many users either forget to set this feature up later, or they assume that it isn’t necessary because their Wi-Fi connection is encrypted and therefore believe that it provides enough security. Some camera brands also offer an encryption feature that encrypts the camera’s data communication or feed, but it must be manually enabled by the user. This feature can serve as an extra layer of protection that could be the last line of defense against thieves; but again, many users do not bother to utilize it, leaving an open door to attack.

Remote

Not only does the absence of encryption and passwords on cameras make it easy for hackers to intrude upon home security cameras, but so do default admin usernames and passwords that are not changed. Camera manufacturers sell their cameras with default usernames and passwords set up for the administrator role in the camera settings. These default admin credentials are actually available on the manufacturers’ websites, which means they are available to everyone, including online thieves. Knowing that many users will either forget to or not find it necessary to update these default credentials, hackers capitalize on this vulnerability by using online tools including search engines to search for unsecured video feeds on the Internet that have the default admin credentials as their login and also other security vulnerabilities that can be exploited. Using the Google search engine in a process called “Google dorking” or “Google hacking,” hackers can find and trace computers that have outdated or faulty software just by doing a strategic keyword search. Another tool hackers use is the site Shodan.io, a computer search engine where users can find different types of devices and systems that are connected to the Internet, including servers, cameras, baby monitors, and even home heating systems and water parks. It can even provide metadata such as the software these devices use. Hackers often use Shodan.io to find admin credentials for a camera just by running a search for a keyword like “admin.”Once cyber thieves get into a security camera either locally or remotely, they can then record the activity taking place in rooms in your home. Some disturbingly broadcast these feeds on the Internet for everyone to see, or they may use the video to blackmail the victims for money. Unfortunately, nightmares like this have taken place, like a story reported by ABC back in 2016 about a Houston woman’s young daughter who was being watched through a security camera in her bedroom. It was believed that the interloper hacked into the camera through server information found in an online video game that the daughter was playing; once he got in, the hacker livestreamed video of the young girl’s room across the Internet.

How to Minimize Home Security Camera Risks

Secure Your Wireless Network

If your Wi-Fi network is not secured or uses dated technology like WEP, bring it up to date by using the WPA2 as the security protocol for the wireless network to which your camera is connected. Opt for the WPA2 protocol with AES, which is a more secure type of encryption used by the new WPA2 standard and is used by the U.S. Government. Another effective option that provides more robust protection for your camera is the use of a virtual private network (VPN) with your Wi-Fi. With a VPN, your camera’s data transmission will be encrypted through a private portal that hackers will not be able to easily break into. Some VPN services even utilize military-level encryption technology that even brute force attacks cannot penetrate.

Keep Devices on Separate Networks

Another option that users may either find provides more control or more labor, would be to place security cameras on a separate, dedicated network apart from the network to which other IoT devices in the home are connected. By having separate networks for your camera and other devices, any possible attacks on the camera can be prevented from spreading to the other network and its devices and vice versa. However, some homeowners might find having to keep watch and maintenance on more than one network more time-consuming, inefficient for a “smart home,” and therefore unpractical.

Set Up Encryption in Camera Settings

If this feature is available, enable the encryption option in the administrative settings of your IP camera. This will encrypt streaming data from your camera, usually using SSL/TLS encryption, providing a barrier of protection for privacy that can deter hackers from making you their next victim.

Set Up Password for Camera Feed

As mentioned before, to make them easy for users to set up, most camera manufacturers sell their cameras unsecured without password protection for the video feed by default. Once you have your camera up and running, immediately set up a password before you forget; failing to do so could leave your video feed open to the world for anyone to view.

Change Default Admin Passwords

As stated earlier, camera manufacturers furnish cameras with default administrative usernames and passwords that are actually provided on manufacturers’ websites. Since these default credentials are accessible to anyone online, that means that they’re also available to cyber thieves who just need to identify vulnerable users of a particular camera brand and model to make their next strike. Changing the default username and password right away is a simple way to avoid being one of the many easy-target victims who fail to update the default credentials.

Keep Firmware Current

Firmware is a type of computer software that is permanently installed in the hardware of a device; it provides instructions that enable the device to function and communicate with other devices. Whenever your camera manufacturer sends out a firmware update, don’t wait to run it. Download it as soon as possible, as these updates are typically fixes for functionality glitches and security vulnerabilities. These updates may not run automatically, so be sure to check your device’s settings and/or dashboard for any update notifications.

Learn More About Online Vigilance

Let’s face it: Internet technology is advancing rapidly every day and is showing no signs of slowing down. This also means that the security risks that exist out on the ‘Net will also grow and adapt to survive any improvements in online security. Whether you’re a cyber professional or everyday Internet user, you can keep up with both Internet and cyber threat trends by educating yourself on how they work and what to do to reduce risks. The catalog of security courses offered by Cybrary is a great place to start!

• Computer and Hacking Forensics
• Security Engineering
• The Art of Exploitation
• Cryptography and Encryption