Here are some practices that can help protect device security and data privacy.
Installing a networked security camera in your house will not necessarily bring a wave of hackers to your wireless network, but loss of privacy due to security flaws in devices is surprisingly common. Last year, an ADT home security customer noticed that an unfamiliar email address was connected to her home security account, a professionally monitored system that included cameras and other equipment in her home. That simple discovery, and her report of it to the company, began to topple a long line of dominoes leading back to a technician who had spied on hundreds of customers over four and a half years, watching them live their private lives, undress and even have sex.
ADT stated that it has closed the loopholes the technician used and implemented “new protection measures, training and policies to strengthen…account security and customer privacy.” But privacy violations are not unique to ADT, and some vulnerabilities are harder to protect against than others.
Whether you are using a professionally monitored security system, such as ADT, Comcast Xfinity or Life, or you only have some standalone cameras from an off-the-shelf company, such as Ring, Nest or Arlo, here are some practices that can help protect your device security and data privacy.
Is my security system vulnerable to attack?
Before addressing device insecurity, it’s helpful to know how vulnerable your devices really are.
The major professionally monitored security systems, and even cameras sold individually by well-known developers such as Google Nest and Whites, almost all include high-end encryption (which scrambles messages within the system and grants access through keys). This means that as long as you keep your apps and devices up to date, you don’t have to worry about being attacked through software or firmware vulnerabilities.
Similarly, many security companies that use professional installers and technicians have strict procedures to avoid exactly what happened at ADT. The Security Industry Association, a third-party group of security experts, advises manufacturers such as ADT on issues related to privacy and security.
“The security industry has been paying attention to [the issue of privacy in the home] since 2010,” said Kathleen Carroll, Chairman of the SIA Data Privacy Advisory Committee. “We will continue to work hard to help our member companies protect their customers.”
Security cameras are getting cheaper every year, but this does not mean that customers should be willing to give up privacy.
Some professional monitoring systems, such as Comcast and now ADT, solve this problem by simply restricting the actions that technicians can take when assisting customers with their accounts, for example, prohibiting them from adding email addresses to accounts or accessing any recorded clips.
“We have a team in Comcast dedicated to camera security,” a Comcast spokesperson said. “Our technicians and installers cannot access the video sources or recorded videos of our customers. Only a few engineers can access this content while being monitored to solve problems such as technical troubleshooting.”
“Only customers can decide who is allowed to access their Vivint system, including their video sources,” said a spokesperson for the home security company Vivint. “As admin users, they can add, delete or edit user settings. And…we regularly conduct various automatic and manual reviews of our system.”
With DIY systems, customers set up their own equipment, making technician access a moot point. However, if the customer opts into additional monitoring (usually offered alongside individual products), that may complicate the issue.
There are more cameras available for purchase than ever before, whether you choose a professional surveillance security system or a DIY alternative.
Frontpoint said in an email that it strictly restricts personnel access to customer information, for example, not allowing agents to view customers’ camera information except in specific, time-limited cases where permission is obtained from the customer, for purposes such as troubleshooting or other types of help.
A representative of SimpliSafe, another developer that straddles the line between DIY and professionally installed home security, gave a broader answer to questions about its procedures: “Most of our daily work is focused on maintaining our system so that vulnerabilities are identified and resolved immediately. This relentless focus includes internal and external security protocols.”
In short, security companies seem to consciously use multiple layers of security to protect customers from potential abuse by installers and technicians, even if the process by which they do so is not completely transparent. But even if those measures are effective, it does not mean that your smart camera is completely safe.
How can my camera be accessed?
The ADT case did not technically require any hacking on the technician’s part, but what if hacking is involved? There are a large number of cases of remote hacks, after all. And even high-quality equipment with high levels of encryption is not necessarily safe under the right circumstances.
FortiGuard security expert Aamir Lakhani told CNET that hackers can gain control of video feeds in two main ways: locally and remotely.
To access a camera locally, a hacker needs to be within range of the wireless network the camera is connected to. There, they would need to gain access to the wireless network using one of several methods, such as guessing the security password by brute force, or spoofing the wireless network and interfering with the actual password.
Within a local network, some older security cameras have no encryption or password protection, because wireless network security itself was generally considered sufficient to keep malicious attacks out. So once on the network, a hacker would not need to do anything else to take control of the cameras and potentially other IoT devices in your home.
Hacking a router directly on the local network is one way to access a security camera feed, although it is not common.
However, local hacks are unlikely to affect you, because they require the attacker to focus on a specific target. Remote hacks are more likely to happen, and examples often appear in the news cycle. Something like a data breach, such as those at fax or delta, could put your login credentials in the wrong hands, and unless you change your password often, you can’t prevent it from happening.
Even if the security company you use, professionally monitored or otherwise, has strong security and end-to-end encryption, if you use the same account password as elsewhere on the internet and those credentials are compromised, your privacy is at risk.
If the equipment you use is dated, runs outdated software, or is simply a product from a manufacturer that does not prioritize security, the chances of your privacy being threatened increase greatly.
For hackers with a little know-how, finding the next target with an insecure video feed is just a Google search away. A surprising number of people and companies set up security camera systems and never change the default usernames and passwords. Some websites, such as Shodan.io, show how easy it is to access these insecure video feeds by aggregating them and displaying them for everyone to see.
How to know if you have been hacked
It’s almost impossible to know whether your security camera has been hacked. An attack may go completely unnoticed by an untrained eye, and most people would not know where to start looking.
One red flag for some malicious activity on a security camera is slower or worse-than-normal performance. “Many cameras have limited memory. When attackers use these cameras, the CPU cycles must work harder, which makes conventional camera operations almost or completely unusable at times,” Lakhani said.
Then again, poor performance does not only indicate a malicious attack; it may have a completely normal explanation, such as a poor internet connection or wireless signal.
Some devices, such as Amazon’s newer Echo Show display, are equipped with physical shutters to cover the camera when not in use.
How to protect your privacy
Although no system is immune to attack, some precautions can further reduce your chances of being hacked and protect your privacy in the event of a hack.
- Use cameras from reputable manufacturers, whether they are part of a professional surveillance security system or DIY equipment.
- Use cameras with advanced end-to-end encryption.
- Change your credentials to something that is not easy to guess (especially, avoid using passwords that you already use for other online accounts).
- Update the camera firmware as often as possible.
- Use two-step verification if possible.
Another important step is to simply avoid the conditions for an invasion of privacy. Hacks are unlikely and can be avoided to a large extent, but keeping cameras out of private rooms and pointing them instead at the entrances to the house is a good way to avoid the worst possible consequences of a hack.
Lakhani also recommends putting standalone security cameras on a network of their own. Although this will undoubtedly frustrate your plans for the perfect smart home, it will help prevent “land and expand,” the process by which an attacker gains access to a device and uses it to control other connected devices on the same network.
Taking it a step further, you can use a virtual private network, or VPN, to further restrict which devices can access the network where the security cameras are located. You can also log all activity on the network and make sure that nothing abnormal is happening there.
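One way to act on the advice about a separate camera network and activity logging, added here as an illustration and not taken from the article, Lakhani or any vendor: the script reads flow records exported by a router or firewall and flags traffic that breaks the isolation policy. The subnet layout, the allowed-viewer addresses and the log format are assumptions, and the sample log lines are constructed.

```python
import ipaddress

# Assumed (hypothetical) home layout: cameras isolated on their own subnet.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
HOME_NET = ipaddress.ip_network("192.168.0.0/16")
# Hypothetical hosts allowed to view cameras: the VPN gateway and a recorder.
ALLOWED_VIEWERS = {ipaddress.ip_address(a) for a in ("192.168.50.1", "192.168.10.5")}

# Constructed sample flow log, one record per line: timestamp src dst dst_port
SAMPLE_LOG = """\
2021-02-11T09:00:01 192.168.10.5 192.168.50.20 554
2021-02-11T09:00:07 192.168.50.20 203.0.113.10 443
2021-02-11T09:03:12 192.168.10.77 192.168.50.20 80
2021-02-11T09:04:40 192.168.50.20 192.168.10.30 445
not a flow record
"""

def classify(src, dst):
    """Return a finding label for one flow, or None if it fits the policy."""
    src_cam, dst_cam = src in CAMERA_NET, dst in CAMERA_NET
    if dst_cam and not src_cam and src not in ALLOWED_VIEWERS:
        return "unapproved-access-to-camera"
    if src_cam and dst in HOME_NET and not dst_cam and dst not in ALLOWED_VIEWERS:
        return "camera-reaching-into-home-network"
    return None

def audit(log_text):
    """Parse flow records and return (timestamp, label, src, dst, port) findings."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            port = int(parts[3])
        except ValueError:
            continue  # malformed record: skip it rather than crash the audit
        label = classify(src, dst)
        if label:
            findings.append((parts[0], label, parts[1], parts[2], port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The second finding type is the one that corresponds to a compromised camera being used to reach other devices on the home network, so it deserves attention even when the camera itself appears to work normally.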
Again, the chance of becoming a victim of this type of attack is very small, especially if you follow the most basic safety precautions. Using the above steps will provide multiple layers of security, making it increasingly difficult for attackers to take over.
Correction, February 11: An earlier version of this article misstated when ADT sought advice from SIA. The cooperation between ADT and SIA predates last year’s discovery of the technician’s abuse.