The FBI warns: home surveillance devices are being targeted
Mounting an IP camera is the same as hosting an open-house party with an invitation to hackers
The FBI warns that stolen email credentials are being used to hijack home surveillance devices. Around 3.5 million security cameras installed in homes and offices expose the gadgets’ owners to the risk of being spied on, getting their private data stolen, or jeopardizing other devices on the same network, “Which?” reports.
Who has access to your home camera?
Home security cameras (IP cameras) are easy to access. “Normally, IP cameras are always on and available via remote access. All you need to do is log in to it from your browser. Sadly, convenience comes at the cost of hosting an open-house party where hackers are invited to join,” says Daniel Markuson, digital privacy expert at NordVPN.
Back in 2020 in Singapore, hackers hacked security IP cameras and shared the footage online, specifically on pornographic sites. The footage hackers stole from home users featured naked people in compromising positions, couples being intimate, mothers breastfeeding their babies, and people using the bathroom. The victims’ faces are not blurred, which makes them easy to identify, especially with facial recognition technology. This kind of hack poses a lifetime threat to the victims.
In another incident, a stranger talked to a minor through a hacked indoor security camera. The intruder said he was Santa and told the victim to destroy all of her toys. As a result, the mother sued the manufacturer.
Outdoor cameras are also a common target. A homeowner in Chesapeake says he felt “violated” after someone hacked his email and Ring account, faking a suicide call and claiming to make money on a livestream.
Scale of vulnerability
Many IP cameras on the market are vulnerable to digital snooping, making security features key when you shop for and use these devices. Among the 3.5 million cameras “Which?” identified as vulnerable, Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT, and Tenvis cameras tend to lead the list.
A digital privacy expert warns: “Other manufacturers are affected too. There are even websites indexing unsecured security cameras around the world. One of them provides access to thousands of cameras, which can be filtered by camera manufacturer, country, city, and even room type.”
Why are home cameras so vulnerable?
In theory, two secrets guard an IP camera against hacking: its IP address and password.
“In reality, most cameras use standard IP addresses, and they send similar replies to requests sent by search robots. In addition, lists of millions of cameras’ IP addresses are regularly shared on hackers’ forums,” says Daniel Markuson.
Some cameras do not even have passwords. Others have default passwords that can be found in their manuals. The list of the most common logins and passwords for various models is available on the internet.
Can’t someone just fix the problem?
According to NordVPN’s digital privacy expert, fixing the vulnerabilities in impacted devices is particularly complicated because the open-source software used in those cameras isn’t owned by anyone. The best thing you can do is take security measures yourself.
“Before you buy a camera, make sure it uses at least some protections. If you access your camera’s video feed remotely, your camera will send information beyond your home wireless router via the internet. If your camera uses SSL/TLS to protect your information in transit, the URL for the camera’s login page should begin with https (the “s” is for secure),” says Daniel Markuson.
Check your camera’s password settings. Set up your IP camera to require a password. The password should be complex and unique. It shouldn’t be a word from a dictionary or used to unlock other accounts.
Enable your camera’s security features. If you bought a camera that encrypts data transmitted via the internet, turn this feature on. And always update your device with the latest security patches.
Hide your online traffic with VPN connection set up on your router. If you set up a VPN, like NordVPN, on your router, you can connect and secure any number of gadgets with a single device slot. Any device that connects to it, including your home security camera, will automatically be private on the internet.