News this week of footage stolen from security cameras in Singapore homes is rightly worrying many owners of these Internet-connected devices, who now fear that they are being surveilled.
The videos, which include couples, breastfeeding mothers and even children, have been uploaded to pornographic sites, The New Paper reported.
The news highlights what many have always feared – a breach of privacy that is caused by the growing number of connected, or “smart”, devices at home today.
It is also a wakeup call for those who still think that they are not a target of hackers and thus will not have to deal with cybersecurity issues. In an always-on world, it is impossible to keep all threats out.
However, it is possible to reduce your risks, for example, by minimising the “attack surface”, such as the amount of time your cameras are online or the number of gadgets you have connected.
Here are a few quick steps to do that:
1. Choose your camera carefully
There are numerous brands of cameras on the Web and not all are made equal. Some may offer regular software updates that patch up vulnerabilities as they are found, but others may not.
A rule of thumb is to pick a camera made by a reputable company that is trusted by thousands of other users. Some brands that come to mind are Arlo, D-Link, Ring and Ubiquiti.
Even with these brands, the record has not been perfect. Ring, for example, had some user accounts hijacked in December 2019, but it quickly worked to offer new privacy options to users.
While it is hard to say which brand will keep updating their hardware – even phones don’t get support after a few years – you can reduce your risk by avoiding camera makers that do not have a good track record.
2. Use a strong password
Although this should be a given, it is unfortunate that many users simply do not change the default passwords on their connected devices, including cameras. This lets an attacker simply log in with the manufacturer’s password to gain access.
Most trusted manufacturers today will remind or even force users to change the password after they have logged in to a camera for the first time but there are those that don’t.
If you have an older camera, do check that you are not using the same password that was set on default. Immediately change it to a strong password.
Plus, avoid recycling passwords as a matter of “hygiene” – don’t use the same one for your router and camera, for example. Certainly, don’t use “password123”.
3. Schedule when the camera is on
Again, this is meant to reduce your exposure. Is it necessary to have the camera pointing at your living room at all times?
For example, if it is to monitor your young children or elderly, would it be sufficient to turn it on only when you are not at home? If your camera allows you to schedule when it is turned on, it will reduce the exposure as well.
It is important to inform those whom the camera is pointed at as well. They should refrain from, say, changing in front of the camera just to be safe. With a camera pointed at you, always be wary.
4. Secure your home network
Defence in depth is key to keeping out the sort of “drive by” or opportunistic attackers who would typically steal footage from a home camera. They regularly scan the Internet for vulnerable users and devices that are easy targets.
So, it makes sense to keep your home network secure as well, since your cameras will most likely be connected to it.
The same minimum safety procedures apply here – use a strong password, update your firmware regularly and buy your hardware from a reputable manufacturer.
5. Store your footage securely
Though it is not likely, there’s still a chance that someone could steal the footage you have saved, say, on a manufacturer’s cloud storage server.
Here, there’s little you can do except to, once again, reduce the risk of this happening by choosing a well regarded manufacturer that is trusted to protect your footage.
You can also store your footage on-premise, if your camera manufacturer allows for it. Some let you plug in a USB drive to record the videos from your camera. If you choose to do this, make sure your home network is securely set up.
Reducing your risk, minimising exposure
At the end of the day, you have to measure your risks versus the benefits of having a camera at home. If there is a genuine need, sure, install the camera but make sure to reduce the new risks you now face.
Do so by minimising the exposure you would have. Don’t make it easy to break into your home network or hijack your camera. Reduce the amount or type of footage it captures, if you can.
Although manufacturers will sell the virtues of having another added camera or connected device in your home, know that each one will bring added exposure because it is an additional attack surface.
Seen that way, each new device needs to justify its existence in your home. It must be secure, as far as you can help it.
