Top Tips for Securing Home Cameras

By on

Installing a home surveillance camera system can add great benefits but also may introduce new risks to privacy and network security. The goal is to increase your security and peace of mind, while avoiding cybersecurity threats. Here are three tips to consider when purchasing, installing, and configuring your new home camera system.

The risks

Home Internet-connected cameras are targets for cybercriminals. Recently a number of large Internet of Things (IoT) attacks have occurred during which hackers have compromised hundreds of thousands of devices and enlisted them in massive botnets. These collections of ordinary devices, such as IP cameras, digital video recorders, and home routers, are directed by bot herders to send network traffic to a targeted destination. The massive flow of data overwhelms the target site and makes it unavailable. A recent attack against DYN, an Internet DNS lookup service, took out much of the east coast access to Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal, and other sites in the United States. Hacking home devices has become a powerful tool for cybercriminals. That home camera you are considering could add to the problem and even be used by hackers to spy on you!

videocameras

Most attacks are not incredibly sophisticated. They can be traced to insecurely designed products, absent patches, and poor installation configurations. Security does not need to be difficult or time consuming, but it does require forethought and care.

Top 3 recommendations for securing home cameras:

Choose the vendor wisely. It all starts with choice. If privacy and security are important to you, they should be part of your purchase criteria. Not all home camera vendors are equal. Look for ones that work hard to maintain your privacy and security. How can you tell? Go to their web pages and look beyond their marketing advertisements, as everyone will splash the word secure everywhere. The question you must consider is whether they take security seriously and deliver. See if they publish security updates, have a security team, and offer detail about how they secure their products and services.

No product is safe indefinitely, especially in the IoT world. What matters is the level of commitment companies place on keeping their products secure for customers. It is highly desirable if they produce security patches and explain what vulnerabilities they find. Transparency is a sign of trust. For your part, you must be sure to patch and keep products up to date.

Many companies do not bother with a security team. It is a red flag if the vendor is without such expertise. This oversight means they are not likely to design robust security features, do not have people looking at vulnerabilities, are not developing patches, and are not verifying security in updates.

Those with a security team should openly discuss the controls designed into the product, testing criteria, certifications, and what bugs they have found. Professionals work hard and want to build trust with their customers. I like companies who also have bug bounty programs that reward white-hat hackers who find vulnerabilities and bring them to the attention of the company. Having the hacker community helping make your products more secure is a good thing.

The first and most important step is yours. You must select a trustworthy partner to supply the camera, software, and any additional services. Look at comments in reviews, from owners, and by security professionals who test these cameras. Choose wisely and you will be rewarded.

Set up in nonsensitive areas. Cameras are great ways to watch over your home. But at some time even the best products can be compromised. Therefore, placement is hugely important. Entries, common areas, and watching over babies are great places to set up cameras. Bedrooms, changing rooms, bathrooms, and other private areas are not optimal. Many modern cameras have microphones and other sensors. So even in common areas, you might want to consider what you are saying. Home cameras are tailored for easy setup and minimal fuss when dealing with data. Most work with cloud services that store data and make it accessible to you anywhere on most devices. This is a great feature, but it also means the recordings are not directly under your control—another place for hackers to target. So consider what data you want in the cloud. You do not want embarrassing or private clips to appear online. Where you set up cameras will determine how uncomfortable such situations could become.

Change default passwords. Home cameras come with a number of default settings to facilitate easy setup. Most do not need to be modified, but you must change the default password! Create a unique and strong password that you use nowhere else. Store it somewhere safe. Worst case, if you forget it, you can typically reset it on the camera itself. Many of the current variants of IoT botnets target the vast number of devices that still have default passwords, which are published on the Internet, thus granting attackers full access to cameras. Some vendors are now forcing users to change the password upon installation, but many still do not. Don’t be an easy target. Be smart and change the default password; it makes a big difference.

Home cameras are great. They provide a new sense of security and flexibility for our modern lives. But you must balance those benefits with the accompanying risks. By following a few steps, you will increase your control and make yourself a less attractive target. Enjoy your new camera with the confidence of security and privacy.

 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Leave a Comment

Similar articles

This post was written with contributions from the McAfee Advanced Threat Research team.   The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download ...
Read Blog
2018 was a wild ride when it came to cybersecurity. While some hackers worked to source financial data, others garnered personal information to personalize cyberattacks. Some worked to get us to download malware in order to help them mine cryptocurrency or harness our devices to join their botnets. And the ways in which they exact ...
Read Blog
Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it. ...
Read Blog