Smart security cameras that can catch a thief in the act can be a great tool for protecting your home, but they’re also a gateway for Cyber-Criminals to spy on you because they can access them through the internet. As per a recent study, 55 percent of Americans think that smart gadgets are the sole reason behind the loss of privacy.
News stories about home security cameras getting compromised have become all too common. You may recall one viral story from January 2019 concerning a California family’s Nest security camera being compromised to play fake warning messages that North Korea launched missiles in the United States. According to media sources, the family’s eight-year-old son was so scared that he hid under the living room rug. It was only after calls to 911 and Nest that the frightened family realized they were victims of a Cyber-Attack. Nest sent an email to its clients providing recommendations on how they can secure their privacy, but Nest itself wasn’t breached Cyber-Criminals probably got the log-ins to the family’s account by other means.
One-way security cameras are vulnerable to Cyber-Attack is through a technique called “credential stuffing.” Cyber-Criminals use usernames and passwords from other data breaches, to gain access to accounts. The combination of immense data breaches and consumers re-employing similar passwords works ultimately in the favor of the Cyber-Criminal and makes their job easy. In recent years, Cyber-Criminals have made the login credentials for over 8.2 billion online accounts available on the internet.
Because this type of Cyber-Attack doesn’t require a breach of a security camera company’s systems, every brand of camera is at risk. These companies aren’t technically at fault. Most companies offer a two-factor authentication system that acts as an extra deterrent against attacks like this, but there is more that these companies could do, like encourage customers to adopt added security features by default.
Subsequent credential stuffing and data breacheswon’t be leaving the web world anytime soon, however, there are some simple methods one can adopt to reduce the possibility of Cyber-Attack on their security camera.
In a nationally representative CR survey on data privacy conducted in May 2019, 13% of respondents with at least one online account says they use the same password for all their accounts. That makes it a cinch for Cyber-Criminals to gain access to multiple accounts. One should always produce a unique and out of the box password for each of their accounts. In addition to that, the manufacturers that are serious about protecting their cameras will routinely release firmware updates that fix software bugs and patch security vulnerabilities. Some cameras provide the facility where the device itself automatically downloads and installs the updates, however, some cameras lack that functionality and user has to update their devices manually.
Do: Use something long and complex like a random phrase or string of characters with numbers, symbols, and both uppercase and lowercase letters.
Don’t: One must always avoid keeping simple and commonly used passwords, which includes any personally identifiable information, such as names, birthdates, etc. Cyber-Criminals can often get this information from public social media profiles, such as those on Facebook or Instagram, and then use it to guess your passwords and gain access to your accounts.
This extra layer of security involves that your camera company has to send you a unique passcode via phone-call, message or by e-mail every time you try to login using your username and password. Hence, even if the Cyber-Criminal has your login information then also he won’t be able to gain the access of your cameras, like the moment after login he would require a unique one-time passcode from Camera Company.
This software produces incredibly complex, random passwords for your digital accounts. Which is securely stored in their encrypted data-base and it even remembers your password on your behalf. Many password managers are free to use and available on an array of devices and web browsers.