Is it worth getting rid of your smart camera after another privacy hiccup, or can you protect your data?
Last month, about 13,000 users found themselves receiving snapshots from someone else’s home when Wise Cameras restarted after the service was shut down. It wasn’t the first time Wise, known for its budget-friendly security cameras, had to apologize for a privacy lapse, and it certainly allowed users to view unauthorized camera footage. There was no early precedent.
Wise is just one example among many making headlines for such slip-ups. From an Amazon employee to an ADT employee who admitted to hacking more than 200 accounts to peek at videos of female customers, privacy breaches are a real threat to smart home cameras. But can smart homes take steps to keep enjoying features like motion-activated lights, package notifications and security alerts? Or is it time to consider ditching smart cameras altogether in light of the recent scandal?
Even with the implementation of best practices to enhance data protection, even the most stringent privacy measures cannot be foolproof against breaches. In the case of Wise’s recent security lapse, the breach was not caused by weak passwords or sophisticated hacking, but by a third-party caching library that mixed up device IDs and user IDs, resulting in Incorrect data was transferred to user accounts.
So, should you ditch your smart cameras?
According to Dr. TJO Connor, Ph.D., head of the cybersecurity program at Florida Tech and co-author of various studies on IoT security, users could not have prevented the Wise breach on their own. Although the connection to the cloud servers was encrypted, the actual files remained unprotected.
This is the commonly adopted approach,” he said, explaining that the “encrypted at rest” option often introduces performance and usability challenges. Dr. O’Connor explained the details for us:
The recent incident with Wise highlights a broader concern for security camera vendors. As consumers, we lack transparency regarding how and where our videos are stored. All content is stored in the cloud on content delivery network servers. In Wise’s case, it appears that they store unencrypted video clips and thumbnails on AWS content delivery servers. Lack of encryption is a key issue here, potentially allowing a malicious insider to view videos or, as seen in this case, a technical glitch inadvertently exposing unencrypted videos to other users. Masks. He does.
In a paper co-authored by O’Connor last year, researchers hypothesized that demand for affordable smart cameras led to the creation of a number of inadequately secure devices. The study, which reviewed five security cameras under $100 from the Kangaroo, Night Owl, and Genie, found inadequate security software, including a lack of encryption.
Is it time to break away from smart cameras? For the most privacy-conscious, the answer might be yes — considering that only Wise could have prevented the latest breach, not the end user. However, given that cameras are integral to many smart home devices, including robot vacuums and smart refrigerators, going camera-free isn’t a viable option for everyone.
Despite O’Connor’s extensive research on IoT security vulnerabilities, he personally equips his residence with doorbell cameras, voice assistants and other smart devices. While stressing that there are no foolproof security guarantees, he suggests adopting best practices like a separate wireless network and strong passwords can mitigate some potential breaches.
For Wyze customers, past breaches may prompt some customers to reconsider their loyalty to the brand. However, O’Connor highlighted that Wyze self-reported the latest breach rather than covering up or denying the wrongdoing. Additionally, following their previous research in 2019, which raised potential issues, the company implemented several changes, including the introduction of a bug bounty program.
Securing your smart camera footage, practical tips for privacy
Ensuring the privacy of your smart camera footage is important, given the inherent vulnerabilities associated with cloud storage. Adopting a set of best practices can greatly lower the danger of unwanted access, even though guarantees cannot be given.
1. No Privacy Guarantee for Smart Cameras: It is important to know that no smart camera can guarantee privacy. Potential vulnerabilities are introduced by the nature of cloud storage. Still, you can strengthen the security of your video by following the suggested procedures.
2. Avoid placing cameras in private areas: A basic rule when integrating camera-equipped devices into your smart home is to keep them away from private areas. A Federal Trade Commission complaint against Ring serves as a stark reminder, that an employee accessed videos from cameras labeled in intimate spaces like bedrooms and bathrooms. Avoid installing cameras in such private rooms to reduce risks.
3. Intelligent choice of smart devices: If you find yourself in need of a smart assistant as an alarm clock or want to enjoy music with a smart speaker in the shower, choose models without built-in cameras. . This proactive step helps eliminate potential risks associated with placing cameras in places where privacy is most important.
If you really need a smart assistant as your alarm clock or want to blast tunes with a smart speaker in the shower, opt for models without built-in cameras.
When it comes to video baby monitors, keeping cameras out of bedrooms isn’t always possible. If you’ve weighed the privacy risks against the peace of mind of monitoring your baby’s sleep and sound, position the camera strategically to capture only the sleeping area. Ensure that any modified area is excluded from the camera view to maintain privacy.
Deactivate Indoor Cameras When You’re Home
Many security or pet cameras become redundant once you return home, making it a wise choice to disable them during your stay. If the thought of pulling out your app every time you come back sounds like a pain, there’s an easier option – you can employ a voice assistant like Alexa to disarm your smart cameras.
Another effective method is geofencing, which can automatically enable or disable your cameras based on your location. By using your smartphone’s location, geofencing ensures that your cameras are automatically turned off when you get home. This not only eliminates the hassle of receiving notifications when your camera passes by, but also reduces the number of self-made videos, the risk of being inadvertently exposed in the event of a privacy breach. Reduces
O’Connor recommends limiting sharing permissions to the bare minimum, suggesting that this may require turning off geofencing features.
Using geofencing for your smart home devices presents a privacy dilemma. To enable this feature, you need to provide constant access to your smartphone’s location. The downside? You can further target yourself with location-based targeted advertising. Dr. O’Connor suggests a sensible approach by limiting sharing permissions to a minimum. In practice, this may include choosing to turn off geofencing features to maintain a high level of privacy.
Recognize that various privacy features are sensitive to remote disabling.
Smart home users should be aware that hackers can potentially disable any privacy features accessible through the smart home app. This consideration is especially important when configuring camera-equipped devices. If your account gets unauthorized access, a hacker could exploit the vulnerability, which could result in disabling features like geofencing.
In a 2023 study on security risks associated with budget cameras conducted by Dr. OConnor, researchers discovered a firmware vulnerability in the privacy mode of the Kangaroo privacy camera. This particular mode, designed to obscure the lens view by activating the liquid crystal lens, can be manipulated by an identified threat.
While digital privacy features may be susceptible to remote manipulation, it’s worth noting that physical privacy features offer a more flexible defense. For example, the defective camera cover found on many Alexa Show models is difficult for actors to manipulate, requiring a physical presence to remove. This underscores the importance of considering digital and physical security measures when securing your smart home.
Use a unique, complex password
When you start setting up your smart home system, it’s important to avoid recycling passwords from other accounts. Take a more secure route by choosing a complex password – a randomly generated string of letters and numbers. This approach provides stronger protection against hacking attempts than passwords based on common terms or easy-to-remember numbers such as addresses and birthdays. By adding a password manager to your security toolbox, you can streamline the process of creating and maintaining complex, one-of-a-kind passwords for all your online accounts. It improves security while simplifying the work for you.
Your security with multi-factor authentication
For stronger security in your smart home setup, make it a golden rule to enable two-factor authentication (2FA) for your devices. With 2FA, you’ll usually receive a notification if someone tries to access your account. This prompt gives you the option to immediately block unauthorized access and control your security by changing your password. Protecting your smart home has never been more straightforward.
Isolated access for your IoT network
According to O’Connor, a leading authority on smart home security, it’s recommended that you set up a dedicated wireless access point fr your smart home devices. Achieving this separation can be done by separating your Wi-Fi network, including creating VLANs or dividing your router into 2.5Hz and 5Hz networks. The main benefit is that your smart devices will need a different Wi-Fi password to work, which is an important security precaution, especially if you want guests to use their regular Wi-Fi password. allow This technique strengthens the overall security posture of your smart home environment.
Limit sharing permissions
Smart home devices pose more than just the risk of unauthorized access to camera feeds. To minimize potential risks, O’Connor recommends limiting smart home apps to the minimum necessary permissions. A practical example is restricting access to location services.
While using cloud-connected smart cameras inherently involves some degree of risk, adopting best practices can significantly reduce the chances of your footage falling into the wrong hands. Protecting your smart home environment and controlling who can access your data can be achieved by taking strong security measures such as creating strong passwords and creating a separate Wi-Fi network.