Recently, there was a shocking headline on the BBC. It said: “Home Security Camera Sends Video to Wrong Person.” Louisa Lewis had looked at her phone’s security camera app and noticed that she was seeing someone else’s kitchen. There was also a random person stood washing the dishes.
Somehow, she was not seeing her own security camera via the app; rather she was inadvertently spying on another person. This person, going about their business, had no idea they were even being watched.
Creepy, huh? But how did it even happen?
According to the manufacturer, Swann, it was due to “human error.” The two cameras were accidentally given the same cryptographic key during the manufacturing process. However, this was not a one-off incident. It actually happens more than you’d think.
Hacked home security cameras
The camera’s software is especially vulnerable; so vulnerable, in fact, that it can be hacked with basic security tools you can find on the web for free. These tools intercept the messages that are being sent through the software. This means that by using a simple trick, any hacker with basic knowledge can watch your personal security camera.
And you won’t even know it’s even happening.
Researchers tried this trick and managed to hack the cameras easily. They found that sometimes they got an error message stating that one of the cameras was “already paired” with an account. Despite this, they could still view the stream, even without a username and password.
How? Because the camera never asked them for a username/password combination. They estimate that it would only take a couple of days for hackers to get into a camera simply by using numerous serial numbers until they find one that works.
Swann and OzVision, which provide the cloud technology for these cameras, say the issue allowing this to happen is now fixed. They also say the vulnerability was only on the SWWHD-Intcam model. Researchers believe, however, that OzVision could have known about this for several months, and only stepped up to fix the problem when pressured by Swann.
OzVision also provides cloud services to more than three million smart cameras from other brands.
Though this issue may now be solved, if you have one of these security cameras in your home, or even a video baby monitor, there is always the risk that it will get hacked. It happens all the time, and practically every brand of camera is vulnerable.
What’s even scarier is that there are actual websites featuring streaming video from hacked security cameras. All of this is available online to anyone—and you’d be shocked at the number of security cameras that have been hacked.
So what should you do?
Firstly, keep your own devices out of reach. Make sure, at a minimum, your home WiFi has an encryption security key and change the default camera password. Also, ensure your device’s security software is up to date. And whenever on open, unencrypted WiFi use Hotspot Shield to mask your data and encrypt all WiFi communications from your laptop and mobile device.