As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home?
Security cameras were once the preserve of the rich and famous. Now anyone can get their hands on one thanks to technological advances. The advent of the Internet of Things (IoT) has created a major new market – for manufacturers of devices like connected doorbells and baby monitors, and more sophisticated whole-of-property systems. Connected to home Wi-Fi networks, these devices allow owners to watch live video footage, record video for later and receive alerts when out of the house.
Yet these same features can also expose households to new risks if the camera is compromised and/or the footage is leaked. Not all vendors have as big a focus on security and privacy as they should. That means you need to ask the right questions before starting. Here are some examples:
1. Do I actually need a security camera?
First up, it’s time to decide if a home security camera is really necessary or if you’re only interested in getting one because everyone else seems to. Part of this decision-making process may be working out what type of set-up to get: whether you need a full CCTV system requiring professional installation, or a cheaper connected camera that can be up-and-running quickly and is controlled via a smartphone app.
2. Am I aware of the security and privacy risks?
This is critical. While home security cameras are meant to protect the household, getting one might, in fact, unwittingly put the household at greater risk. In a worst-case scenario, remote or local hackers could access live feeds to spy on family members or case out the property to see if it’s empty. Both scenarios can be unnerving, especially as you would have little warning that this was happening.
One way hackers could gain access to these feeds involves accessing the home wireless network, perhaps by guessing or brute-forcing the Wi-Fi password. A more likely scenario, however, is an attack in which they guess or crack your account passwords or exploit an unpatched firmware vulnerability.
3. Have I checked the security pedigree of the vendor?
With so many models on the market, it pays to research what’s on offer, and the reputation of different vendors. If you’re serious about security, you’ll want a reputable brand with a strong track record on building reliable products with good consumer ratings for security and privacy.
Things like prompt patching, strong encryption, enhanced log-in security and watertight privacy policies are important. And if engineers are required to fit a system, how much access are they granted? One US home security technician was able to spy on hundreds of homes over a four-and-a-half year period after adding his email on set-up.
4. Do I know what happens to footage and data?
Another potential element of risk is related to the vendor itself. Do you know if the video data is stored on-site or in the provider’s cloud datacenter? In its latest transparency report, Amazon-owned Ring claimed to have turned over an unprecedented volume of its customers’ footage to the US authorities last year, including some cases without the consent of the device’s owner. Many camera owners may feel uncomfortable about such policies.
5. Do I know how to secure the camera?
Once you’re aware of the major security and privacy risks involved, it’s worth familiarizing yourself with what’s needed to ensure these devices run safely. Default passwords should always be changed to something strong and unique. For added safety, use two-factor authentication whenever it’s available.
Also, devices should be regularly updated to the latest firmware. Choose a reputable vendor with a track record of manufacturing properly secured devices and shipping firmware updates. Switching off remote viewing of video footage will offer an added peace of mind and minimize the chances of a hacker accessing it.
6. Do I know how to configure the right smart home settings?
It’s not all about the settings on the camera itself. Your home router is the gateway to the smart home and could be a source of security risk if not properly configured. UPnP and port forwarding functions, which allow devices to find others on the same network, could be hijacked by hackers to access smart cameras. That’s why they should be switched off on the router, although it might prevent some applications and devices from working.
7. Do I know how to check if the camera has been hacked?
As mentioned, it can be difficult to spot if a security camera has been hijacked. Two of the things to look out for would be abnormal movements of the camera or strange voices or sounds coming from it. If suddenly you can’t log in because the password to your account has changed, then that clearly isn’t a good sign either.
Another possible avenue to consider is increased data usage or poor performance. If the device is being accessed by an unauthorized user, your camera may run slower because of limited memory and CPU power. This isn’t a fool-proof check though – it may also be the result of something more mundane like a poor internet connection.
8. Am I aware of the impact on others?
Getting a home security camera is not just about your own security and privacy. It could also impact the rights of your neighbors, if a camera captures images of people outside the boundary of your property. Under the GDPR, these individuals also have privacy rights that must be respected. It’s a good idea to position cameras so as to minimize any intrusion, and to be as transparent as possible with neighbors. The UK government has a good guide here.
There’s plenty to consider before buying a home security system. And like any purchase, the more up-front research you can do on it, the better.