3 Tips for Securing Home Cameras

Installing a home surveillance camera system can add great benefits but also may introduce new risks to privacy and network security. The goal is to increase the security and peace of mind, while avoiding cybersecurity threats. Here are three tips to consider when purchasing, installing, and configuring your new home camera system.

The Risks

Home internet connected cameras are targets for cybercriminals. Recently a number of large Internet-of-Things (IoT) attacks have occurred where hacker have compromise hundreds of thousands of devices and enlisted them in massive botnets. These collections of ordinary devices, such as IP Cameras, DVRs, and home routers, are then directed by their bot-herder to all send network traffic to a target destination. The massive flow of data overwhelms the target site and makes it unavailable.  A recent attack against DYN, an Internet DNS lookup service, took out much of the U.S. East Coast access to Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and other sites. Hacking home internet connected devices has become a powerful tool for cybercriminals. That home camera you are considering could add to the problem and even be used by hackers to spy on you!

videocameras

Tips for Securing Home Cameras

Most attacks are not incredibly sophisticated. They can be traced back to insecurely designed products, absence of patches, and poor installation configurations. Security does not need to be difficult or time consuming, but it does require forethought and care.

1. Choose the vendor wisely

It all starts with choice. If privacy and security is important to you, it should be part of your purchase criteria. Not all home camera vendors are equal. Look for ones which works hard to keep safe your privacy and security. How do you tell? Go out to their webpage and look beyond their marketing advertisements, as everyone will splash the word “secure” everywhere. The question you must consider is do they take it seriously and deliver? Look to see if they publish security updates, is there a security team, and do they talk in detail how they secure their products and services.

No product is safe for indefinitely, especially in the Internet of Things (IoT) world. What is important, is the level of commitment a company places on keeping their products secure for their customers. It is highly desirable if they are producing security patches and explaining what vulnerabilities they are closing. Transparency is a sign of trust. For your part, you must be sure to patch and keep products up to date.

Many companies don’t bother to have a security team. It is a major warning sign if the vendor is without such expertise. It means they are not likely designing in robust security features, don’t have people looking at vulnerabilities, not developing patches, and not verifying security in updates.

Those with a security team should be open in the controls designed into the product, testing criteria, certifications, and what bugs they have closed. Professionals work hard and want to build trust with their customers. I like companies who also have bug bounty programs that reward white-hat hackers who find vulnerabilities and bring them to the attention of the company. Having the hacker community helping make your products more secure is a good thing.

The first and most important step is yours. You must select a trustworthy partner who is supplying the camera, software, and any additional services. Look at reviews, comments from owners, and by security professionals who test these cameras. Choose wisely and you will be rewarded.

2. Setup in a non-sensitive area

Cameras are great ways to watch over your home. But expect at some time, even the best products, could be compromised for a period of time. Therefore, placement is hugely important. Entry, common areas, and even watching over babies are great places to setup cameras. Bedrooms, changing rooms, bathrooms, and other private areas are not optimal. Many modern cameras have microphones and other sensors. So even in common areas, you might want to consider what you are saying. Home cameras are tailored for easy setup and minimal fuss when dealing with data. Most work with cloud services which store data and make it accessible to you anywhere on most devices. A great feature, but that also means the recordings are not directly under your control and it is another place for hackers to target. So consider what data you want in the cloud. You don’t want embarrassing or private clips appearing on the internet. Where you setup the camera will determine the limits of how uncomfortable such situations become.

3. Change default passwords

Home cameras come with a number of default settings to facilitate easy setup. Most don’t need to be modified, but the default password should be changed! Change them to a unique and strong password which you don’t use anywhere else. Store it somewhere safe. Worst case, if you forget it, the can typically be reset on the camera itself. Many of the current variants of IoT botnets are targeting the vast number of devices which still have default passwords, which are published on the Internet, thus granting them full access to cameras. Some vendors are now forcing users to change the password upon installation, but many still don’t. Don’t be an easy target. Be smart and change the default password, as it makes a significant difference.

Home cameras a great. They provide a new sense of security and flexibility to our modern lives. It is important to balance those benefits with the accompanying risks. By following a few steps, you are increasing the controls and making yourself a less attractive target. Enjoy your new camera with the confidence of security and privacy.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Published on Categories SecurityTags , ,
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.