How Secure are Security Cameras?
From a consumer standpoint, the influx of affordable security cameras makes monitoring homes and properties more viable. These smart cameras are becoming increasingly popular because they can do pretty much everything a high-end security camera can do at a fraction of its cost. They are marketed as baby monitors, pet cameras, nanny cameras, or spy cameras—smart cameras that provide users a peace of mind.
However, these mass-produced cameras also raise security concerns. It is not always clear if these cameras undergo strict quality control checks. More often than not, they only have the most basic security settings that can easily be bypassed or hacked.
Most of the security cameras being sold online connect to the internet which makes it an easy target to hackers and snoopers. It is suggested that these cameras contain critical security flaws that put consumers’ privacy at risk. This then begs the question, how secure are security cameras?
Unknown Security Camera Brands
Most of the security cameras are mass-produced by companies based in China. These are largely unknown brands that found their way into mainstream online retailers on the strength of their pricing. They appeal to consumers who want to set up a simple home security system without breaking the bank.
It is evident that price is a major purchase consideration among consumers. If they could get a cheaper alternative to established security camera brands, they tend to not give much thought about the credibility and reliability of the companies that manufacture them.
Many of these companies don’t have an online presence outside of the product details posted on virtual marketplaces where their products are sold. Those with websites have limited contact details and no customer service or tech support, which should raise a red flag. If these companies cannot be reached, it would be nearly impossible to address concerns in a timely manner.
Critical Security Issues
Many security camera brands can have critical security flaws and serious vulnerabilities. When these vulnerabilities are exploited by hackers, personal data is compromised. Security cameras that are prone to hacker attacks can have any or all of these security flaws:
- Weak passwords
Security cameras that have a default username (e.g. Admin) and easily guessable password (e.g. 1234) allow virtually anyone to gain complete control of your camera.
- Unencrypted data
Network or internet security cameras that send unencrypted data over the internet allow hackers to access video footage without the owners’ knowledge.
- Peer-to-peer (P2P)
Security cameras with P2P features carry some vulnerabilities because they allow users to connect to the camera once they come online. These cameras do not require manual configuration. Users can easily access the camera using a unique identifier (UID). Devices that use iLnkP2P are exposed to camera hijacking and remote attacks.
How do Security Cameras Get Hacked?
Because of security flaws and vulnerabilities, it is fair to say that most home security cameras are not as secure as homeowners what them to be. There may be some level of security in place, but it could be easily breached by persistent hackers. Oftentimes, the hackers don’t even have to try hard to break and enter into systems.
Hack 1: Control a home security camera’s connectivity
In this type of hacking, the goal of the hacker is to use the security camera to hijack its web connectivity. It has little to do with viewing or stealing video. Hackers take control of the security camera’s connectivity to mount a Distributed Denial of Service (DDoS) attack, the ultimate purpose of which is to overwhelm a particular online service with traffic from multiple sources rendering it unusable.
More often than not, a DDoS attack is a diversionary tactic to distract from other bigger criminal activities such as data theft or network infiltration. Since the target is focused on fighting the DDoS attack, hackers are able to do a more nefarious criminal act.
Hack 2: Gain access to security camera’s video feed
Hackers are able to access your security camera’s video feed either by local attack or remote attack. Accessing a camera locally means the hacker is within the range of the router. Using a deciphering program, hackers can crack a wireless router’s password, which they will then use to gain access to your network and your security camera.
Hackers prefer to do a remote attack on vulnerable points of a network. When your home security is breached, hackers can access your camera’s video feed and use it against you. Hackers can broadcast and live stream the footage without you knowing.
How to tell if your security camera is hacked
It’s quite difficult to know if your home security camera has been compromised. If you don’t suspect that you are hacked, you wouldn’t be compelled to check it in the first place. However, there are tell-tale signs that your security camera has been hacked and you must do some routine checks to ensure that there was no security breach.
- Check for unusual security camera behavior.
Different security camera brands and models have different behavior based on the settings. You must know what your camera’s “normal behavior” is at default settings. Observe the way your camera moves or behaves when you change to different settings. If the camera exhibits unusual behavior beyond what is expected, then it is most likely hacked.
- A pan-tilt security camera usually moves at a specific time interval. If it suddenly moves randomly, then it’s most likely hacked.
- When some strange voices or noises can be heard from the camera’s 2-way intercom. This is known to happen in baby monitors. The intent is not just to listen to conversations but to scare the owners as well.
- A blinking LED light is usually not a good sign. If your security camera’s LED light starts to blink randomly, it could mean that someone has hacked into the system remotely.
- If you see that the LED light is illuminated even if you know for certain that you did not turn it on, then somebody is controlling your camera wirelessly.
- If your camera is suddenly activated even if there is no motion detected, it’s highly likely that it is being controlled remotely by someone else.
- Check if the security camera settings have been changed.
Make it a habit to check your security settings for changes that you have not done yourself. Check if your password has been set back to default or if the camera name has been changed. Hackers tend to showcase their hacking skills and would leave their mark by changing the camera name to something clever.
- Check if there are spikes in network traffic.
One way to check if your security camera has been hacked is to track the data flow to your home network. If there is a sudden spike in the network traffic from any of your devices connected to your network, chances are your network has been hacked. So keep tabs of all the devices connected to your internet. If the hackers can gain access to one of your devices, nothing is stopping them from accessing your security camera.
How to Protect Your Security Cameras from Hackers?
Hackers seem to be one step ahead of security camera manufacturers. They use sophisticated tools to stealthily break into systems. Sometimes, they don’t even need to resort to high-level hacking techniques because there are blatant security flaws and vulnerabilities in security cameras to start with.
While there’s no guarantee that home security camera systems would be 100% safe from hackers, there are ways to minimize the chance of a security camera from getting hacked or at least make it difficult for hackers to succeed. Here are ways to secure your security camera.
- Use passwords that are tough to crack
Most security cameras have a default password that is begging to be hacked. Passwords like admin or 1234 are easy to remember but are also easy to crack. The first thing to do is change the default password and replace it with a combination of special characters, numbers, and lowercase and uppercase letters.
It’s also important to change the access codes of your home network router. Many people just forget this step or they feel that the factory defaults are secure enough. Keep in mind that these routers are mass-produced and sold all over the world so creating a unique password is not a priority for manufacturers.
Change your passwords regularly and don’t use the same password across devices. If you use one password for everything, you’re giving hackers a chance to hack into all your devices.
- Limit the number of people that have access to your security camera footage.
It is just best practice to limit the number of users who can access your camera to people you trust. If you want users to access footage from your security camera, it is recommended to get a security camera that enables different levels of access for different users.
There are cameras that restrict users from changing settings or enabling or disabling camera features. If certain users need access to video footage, give them a “guest” access where they are permitted to view footage and nothing else.
- Upgrade security camera firmware
If you get a notification from the security camera company or developer prompting you to upgrade the camera firmware, do it. Firmware updates usually include bugs and security fixes. It’s a security measure to prevent privacy and data breaches.
Even if you don’t get notifications, you can go to the manufacturer’s official website and check if the developers have rolled out the latest firmware. If your security camera company does not have a tech support, consider it a red flag.
- Install antivirus and antimalware software
Hackers and cybercriminals have come up with creative ways to exploit Internet of Things devices including security cameras and baby monitors. In recent years, hackers are “camfecting” devices that have cameras.
Security cameras can be infected with malware that enables hackers to hijack or intercept video and audio feeds and stream them online for everyone to see. Private conversations and compromising moments are broadcasted without the knowledge of the owner. In extreme cases, the hackers use the recordings or feeds to blackmail victims and force them to agree to their demands.
To prevent these things from happening, install an antivirus software that has antimalware applications where it not only detect malware threats but also disable and remove them from the system.
With the way hacker operate nowadays, conventional malware scanners are no longer effective in detecting threats. Your home security system needs a comprehensive security solution that has a fighting chance against cybercriminals.
- Get a security camera with advanced end-to-end encryption
Security cameras that have basic security features just won’t cut it. Aside from buying a security camera from a trusted source, you must also consider getting a camera that has multi-level security features. This means that even if passwords and routers are compromised, the video recordings or video feed cannot be accessed. This added layer of security protects your videos from being broadcast to other platforms.
What is End-to-end Encryption in Security Cameras?
Most home security cameras available on the market are using plain data to transfer their video data over the internet. This means that what is recorded by the camera is transferred as it is.
The level of security is only at the login level through the use of password. Anyone who has the password can access the video. Unfortunately, hackers and attackers have caught on and use sophisticated tools to crack these passwords. There’s no other layer of security and once they are in, all data are up for grabs.
Another way to access the videos is to just simply sniff the network traffic and steal the video. Since the recorded video is streamed through the network as plain data, it can be fully viewed in its raw form.
Most cloud camera services store the video recordings in their server as plain video data. Anybody could see the video if the server is hacked, that is, the plain video that has been captured by the camera.
The video or footage can be intercepted while traveling through the internet to a smartphone or mobile device and all the video data is plain data that can go directly into the hands of hackers or people you don’t want accessing your videos.
These vulnerabilities gave rise to security cameras that use end-to-end encryption (E2EE). With the E2EE technology, your video data is encrypted in the camera and is then sent through the internet in that form.
Even if someone gets your password, the video would have to be decrypted for it to make sense. If a hacker intercepts the encrypted video data, he or she would not be able to view the actual video. The video would look like a TV static on screen or would simply not be viewable.
The video is then decrypted into the phone of the authorized user and only for that user alone. The video data is stored in a cloud server and encrypted by the user’s private key so that even the cloud service provider’s software engineer couldn’t see the video.
This level of security ensures the confidentiality of your security camera recordings when they are transmitted over the internet.
How Does Encryption Work?
Security cameras that have E2EE capability uses Advanced Encryption Standard (AES), which is a symmetric key encryption cipher. In simple terms, the key used to encrypt the video data is used to decrypt it as well.
AES is regarded as the gold standard for data encryption and is used by the United States government to maintain confidentiality and to secure data. This type of encryption, if properly implemented, does a great job of securing data while in transit.
In the realm of security cameras, this means that securing the video data uses a public key for encryption and a private key for decryption. The sender of the data does not need to know the intended recipient’s private key. With this system, videos can be safely transferred over the internet.
The algorithm used in AE encrypts and decrypts data in blocks of 128 bits using 128-bit, 192-bit, or 256-bit keys. Most security cameras with E2EE uses AES-128. To give you an idea of how secure this AES encryption is, it would take the most powerful and sophisticated computer in the world a little less than 900 quadrillion years to crack a 128-bit AES key by brute force. So it would be extremely difficult to crack the key using regular hacking tools.
E2EE and Cloud Service
With E2EE security camera, video data is most secured during transmission over the internet, but it still does not protect the data at the endpoint, which is the device itself. This is because hackers know that they can attack when the video has already been decrypted in the device. In the case of security cameras, endpoints would be smartphones or mobile devices that can access the decrypted video data.
To combat such vulnerabilities, security camera manufacturers are also securing their video storage systems in the cloud using the same end-to-end encryption system. This way, videos and camera footage are secured from the start point to the endpoint.
The Weakest Link: Endpoints
Hackers have made it alarmingly simple to break into a network using a security camera. But even with sound security measures, hacking activities continue to persist. End-to-end encryption protects people in the sense that no third party is able to decrypt the video data while in transmission. However, security experts have warned that your videos and footage are at their most vulnerable when they are stored on a disk, in a memory card, or on a device in the cloud.
If hackers can gain control of a device, they don’t need to decrypt the data in them. This means that no matter how effective E2EE is in keeping data safe while in transit from one device to the next, there’s no guarantee that the data will be safe when it reaches compromising endpoints like smartphones, tablets, laptops, desktops, and storage devices.
The reality is that people are not keen on adding layer upon layer of protection to these devices because they don’t like the inconvenience of multiple locks and barriers. They make it harder for people to use their devices. Hackers are getting more creative and sophisticated that no device is really safe if they find even the slightest vulnerability in the endpoints. For E2EE to fully work, security camera owners must also develop a security mindset and keep up with the times.
Next-generation Security Cameras with End-to-End Encryption
If you search for E2EE security cameras in online marketplaces, you’ll only find a few of them. One security camera that stands out is the Haicam E2EE Cloud Security Camera. This camera was conceived following the 2016 DDoS attack on a hosting company which exposed more than 145,000 security cameras around the world.
With E2EE capability, the videos recorded on the camera are protected through encryption. What’s more, other devices connected to the camera are protected as well by the encryption software. On paper, this appears to solve the problem of endpoint weakness.
If it works as intended, home security video monitoring system can be protected from end to end, which reduces the risk of hacking and attacks. The potential for videos to be intercepted by hackers would be greatly reduced or possibly eliminated.
As it stands, many companies that own your device most likely have the ability to access your information if they needed to, which increases your vulnerability to data interception and hijacking. But if even the cloud service provider or software engineer has no access to the video data, then this is an added layer of security that can protect privacy.
It may not be a full security system, but the technology is inching closer to addressing the security flaws and vulnerabilities of security cameras in the market. The next-generation of security cameras should bridge the gap and provide a full end-to-end solution that will keep data safe and secure from all endpoints.