They say that home is where the heart is, but, it’s actually where you feel the safest. Unfortunately, with so many mishaps around the country, homeowners have begun to beef up their security. Alarms and burglar-proof bars just don’t cut it anymore – security cameras are the norm, and since crime is on the rise, they’re here to stay.
According to a Home Advisor report, around 30 million homeowners across the United States have purchased household surveillance systems.
The same report reveals that the average cost of installing a Fort Knox-grade home security system (or, at the very least a decent one) is $1,333 (between $655 and $2,011). Despite the cost, people are willing to go along with it, knowing that their home and surroundings are safe. But are they really?
The great Hackaton
As you know, virtually any electronic device can be tapped into, hijacked, hacked, or whatever you like to call it. The Medtronics case proves my point. So, around 2017, Medtronics, a US-based med equipment manufacturer was getting ready to push a next-gen insulin pump.
With FDA’s approval, the pump nearly made it to market until a team of security researchers blew the whistle on the project, calling it a disaster waiting to happen – well, not literally.
Long story made short, Medtronics created a radio-controlled insulin pump for patients with type 1. The dosage could be adjusted via remote, thus reducing the patient’s reliance on caretaker or nurse.
MiniMeds, as they were called, had to go through a major redesign after the two researchers proved that the device can easily be hijacked with a simplistic app and used to deliver a fatal overdose.
Sorry for the long and tedious intro. I just wanted to prove a point – if a system as ‘closed’ as an insulin pump can be hacked, so can security cameras.
In most cases, it’s poor cybersecurity hygiene (people too lazy to change default passwords, connecting cameras to unsecured routers, buying second-hand, etc.). However, there are cases where the devices themselves have design flaws that allow malicious actors to take control. It does have an Orwellian appeal to it, but this type of scenario is very real and extremely frightful.
Just to get an idea of what poor online security hygiene can get you into, I give you the 2016 ‘video-streaming experiment’. Apparently, a site that originated in Russia ‘leaked’ videos from over 15,000 locations in as many as 256 countries. Some big players were caught in the crosshairs: Linksys, Foscam, Panasonic, Hikvision, and AvTech.
There’s a lot of scuttlebutt about home security cameras and I’m here to sort it out. So, here’s everything you need to know about surveillance devices.
EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.Try Thor Foresight
How do you hijack a security camera?
Before talking about how home security cameras can be hacked, it’s imperative to know a little bit about them. There are several types of home surveillance systems – we have indoor and outdoor cameras, nanny cams, wireless cameras, wireless cameras with motion-sensing technology, IP cameras, CCTVs, wired cams, fake cams, you name it.
As far as indoor surveillance systems are concerned, homeowners tend to go with a Wi-Fi solution. It makes sense; compared to wired cameras that require some degree of expertise to set up, Wi-Fi cameras are out-of-the-box ready, meaning that you only need to power them up, find a proper place to set them, pair with the mobile or desktop app and that’s it. However, a good one is going to cost you a pretty penny, that’s for sure.
So, we have wired cameras, that run in a closed circuit, private CCTVs that are part of a larger surveillance system, and Wi-Fi cameras that are hooked up to your home’s router via an IP. If you just want to make sure that everything’s hunky-dory while you’ll away, a wireless camera hanged just above the doorway is more than enough.
On the other hand, if you want to keep tabs on what’s happening in your backyard or on the other side of the front door, it would be best to go with a closed-circuit and wired surveillance system. It’s the best safety measure today for that those package pirates (people who steal Amazon packages from your front door after delivery).
I won’t go into many details about security cameras because we’re here to talk about hacking and, of course, appropriate countermeasures.
Now that you know a little bit about the various types of home surveillance systems, let’s talk about hacking. As you probably know by now, any electronic device can be compromised (see the above example about Medtronic’s MiniMed). How should I go about this?
Well, in terms of cybersecurity, home security cameras aren’t that secure. What’s that supposed to mean? Think about it – you can really install antivirus software on your surveillance device. The best you can do would be to connect it to a secured network. But even that won’t guarantee total safety.
Let’s start out small. Wi-Fi cameras connect to your home’s router via an IP. That there’s a pain point; one of many, unfortunately. IP hacking or hijacking is, indeed, one of the methods used by malicious actors to seize control of your home security camera, but hardly the only one of the most popular.
In a nutshell, IP hacking means stealing your credentials via IP address impersonation. They use your PC’s com port to obtain info such as your email address, financial data, and everything commonly used to identify you as a living, breathing, and praying person.
Anyway, getting back to the topic at hand – the most common way to tap into a home security camera would be credentials stuffing. How does that work? Well, imagine being a hacker and stumbling upon a database on the dark web that contains usernames and passwords for routers. ‘What to do, what to do?’ asks the hacker on the night before Christmas when all’s quiet around the…basement.
What usually happens is that malicious hackers tend to sort of try to remote-connect to routers, using the credentials buried in those databases.
You might think this an exercise in futility, but it’s not – according to a report by Recorded Future, approximately 30,000 accounts get compromised each year. The reason – people don’t seem to think it’s important to change their routers’ default passwords. More on that later.
How to figure out if your camera got hacked
What we know so far is that home security cameras can be hacked and it’s not that hard to do it. So, the question that ensues is: how can I tell if my home security camera got hacked? Here’s what you should look for.
1. Strange noises in the dead of night
No ghosts, ghouls or socks-stealing elves – just your IP camera making strange sounds. Of course, some security cameras can make unusual sounds while rotating or zooming, but that usually happens while you’re at the helm. So, if you hear those types of sounds coming from the camera, first check that no one’s fooling around with it or trying to pull a fast one on you.
If everything else checks out and your camera is still on the fritz, it most likely means that it has been hacked and that someone might be looking at you. Be cautious around baby monitors with live video feed – those are even less secure than regular indoor surveillance cams. And you really wouldn’t want some creep to eyeball your child while he\she sleep, do you now?
2. Light at the end of the…camera?
Virtually every home security camera model comes with an illuminated LED light. That tells you when the device is switched on and recording. If you see the LED turning on and off by itself, it means that someone is attempting to tap into your camera or has already done so.
To ensure that this is not a random glitch (or someone trying to prank you), turn off the camera and ask everyone around the house to disconnect from the cam. If this type of behavior continues, especially at night time, it means that someone hacked into your device.
3. Check for abnormal rotations
Not much of a home security camera if it can’t cover those blind spots, isn’t it? Most commercial security cameras, including the cheaper models, have some sort of rotational factor. One way to figure out if your home cam has been hacked is to disconnect from it and see how it behaves.
If it starts rotating on its own, as if it’s eyeballing you, it means that someone might have tapped into it. Of course, it could just be a glitch, major design fail, or someone trying to mess around, but are you willing to take those chances?
4. Check for any subtle changes in the camera’s security settings
Hackers, especially the talented ones, will be gunning for your camera’s firmware settings. Oftentimes, they will disguise any changes made to the cam’s software as firmware upgrades or security settings that make no sense. You can also expect your cam’s user & password to be reverted to default.
So, if you notice any unusual activity in your camera, take a closer look at its security settings. Look for anything out of the ordinary – a new menu or submenu, password-change prompts, unauthorized connections.
5. Poor performance, intermittent video feed, ramped up processor
Just like a computer or tablet or smartphone, a home security camera has its own processor, storage device, logical board, etc. So, every kind of operation (i.e. zoom in/out, rotate, record, replay, backup) impacts performance in one way or another. Of course, routine operations should have no bearing on the camera’s resources.
The same thing cannot be said about clandestine operations – additional tasks, especially those who are running in the background can severely impact your camera, causing things like an intermittent video feed, processing speed going downhill, device not responding to commands. Now, if you encounter any of these things, it stands to reason that someone might be trying to tap into your cam.
6. Voices! Voices in the dark.
While hearing disembodied voices is never a good sign, in case of security cameras, it might mean that someone has hacked your device. Some surveillance devices, such as those used to monitor employees or nanny cams, are outfitted with speakers and microphones.
So, if you ever hear a voice coming from the camera and it’s not your tyke cooing or a familiar voice, it most definitely means that your device has been hacked. You should also pay attention to used items picked off Craigslist, eBay, or Angie’s List. Some of these devices may have hidden features or even hacked.
What to do if your camera got hacked
This is not the end of the road. Simply because someone hacked your camera, doesn’t mean you should throw it away. Well, not always – here are a couple of stuff you can try before getting rid of your home security cam.
1. Change your password
It’s perhaps the most important cybersecurity advice anyone can give you. By regularly changing your password(s) you reduce those hacking odds by more than 50 percent. Aim for long passwords (at least 9 characters), use signs and symbols, and refrain from including references to your hobbies or personal life (date of birth, spouse’ name, pets, high school, etc.).
And yes, in most cases, you can do that even after someone somehow managed to hack your device. Quick advice: unhook the camera from the network before attempting a password change. This way you can ensure that no one can overwrite your new password or revert to default.
2. Wipe and revert to factory settings
When all else fails, you could try to wipe the cam’s internal storage and attempt to revert to factory settings. This usually clears out most of the junk hackers to assert control over your security camera. Don’t forget to back up your recording before going through with this. For more info on how to perform this type of reset, check your camera’s manual.
3. Choose better encryption
Although obsolete, some security cameras still have WEP and WPA encryptions enabled by default. Ramp up your defenses by switching to WPA2 or WPA3 encryption if your camera supports this cryptographical format.
4. Regular firmware updates
Manufacturers regularly releases security updates for security cameras. They contain definitions for the latest viruses and malware. So, if you want to stay ahead of the game, do yourself a favor and install these firmware updates as soon as possible. The security camera will notify you once an update is ready.
5. Use Two-Factor Authentication
As you might have noticed, most websites now support 2FA authentication. Well, so do home security cameras; not all, but those that matter have it. Anyway, if your camera model supports 2FA, go ahead and make the switch – it’s a lot harder to hack, if not downright impossible.
6. Use a good antivirus\antimalware solution
All security cameras have some sort of in-built antivirus or antimalware software. However, it’s rudimentary at best and won’t do you much good if you become the target of a sophisticated, multi-vector attack.
Since everything boils down to how your security camera negotiates with the router, it’s only fair to assume that it might be used as an entry point for hackers.
Unfortunately, there aren’t many cybersecurity solutions on the market that ‘look’ beyond the endpoint level. However, our very own Thor Foresight Home can stop malware at the DNS, HTTP, and HTTPS level. This means that the nasties don’t even reach your device. How cool is that?
EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.Try Thor Foresight
If you haven’t gotten around to installing a security camera, there are a couple of things you should be aware of in the area of privacy.
Like everything in life, installing a surveillance system, whether at home or at your workplace, requires the consent of all parties involved. If you’re aiming for an indoor security camera, there’s no need to worry about any privacy issues.
However, the rules are slightly different for outdoor surveillance systems – if the camera’s just about the front door and, therefore, records what’s happening in the immediate vicinity of your home, no problem.
On the other hand, if that system was designed to monitor the surroundings, you are required, by law, to ask for your neighbors’ consent. Why? Generally, because people don’t like to be spied upon and, yes, I know that you mean good, but remember the saying: “Hell’s paved with good intentions.”
Workplace-wise, if you’re an employer, it’s mandatory to inform your staff about video surveillance. Furthermore, you are also required to get their consent in written form.
One more thing – even if you inform your employees and have them consent to be monitored, it’s still illegal to place surveillance cameras in certain areas (i.e. lockers, restrooms, dining room) or to hide them.
Home security cameras can be hacked. And, as always, it’s up to you to prevent some creep from spying on you. I hope you’ve enjoyed the article and, as always, all comments, rants, and beer donations are welcome.
The post Home Security Cameras: Safety and Privacy Issues Explained appeared first on Heimdal Security Blog.