A few months ago, Arjun Sud from Illinois-US heard a man’s voice from his seven-month-old son’s room. The voice was coming from one of the Nest cameras installed in the child’s room. When the hacker realized that Sud had detected him, he started hurling abuses and threatening him. Google, in a statement to the US press, refuted that the Nest system was breached and claimed that such incidents took place due to poor password choices made by users. The incident was reported by CBS-owned WBBM TV.
Most home users are now turning to smart cameras to keep an eye on their home, children or pet when they are away at work or travelling. These cameras are easy to configure, can detect unwanted movements in the house and users can get a real-time feed from anywhere on their smartphones. But like most modern-day gadgets, smartphones are also a hacker’s delight.
The risk is not limited to the US or China. Users in India are at risk, too. “India, according to our data, has the most connected security cameras, accounting for a third (34.3%) of all smart home devices in India. Security cameras also happen to be the most vulnerable device in India, with 45.6% of them prone to cyberattacks,” cautions Vladislav Iliushin, Internet of Things (IoT) threat researcher, Avast.
Connected cameras accounted for 15.2% of IoT attacks in 2018, up from 3.5% in 2017, highlighting how their role has increased significantly in just one year, points out Ritesh Chopra, country manager-consumer business unit, Symantec.
According to Kaspersky, most cameras provide access to feed through a web interface, which provides a full-fledged management console to users. In other words, each camera has its own little website. The problem is that these websites and broadcasts can be easily found by specialized search systems such as Shodan and Censys. “With access to smart cameras, cybercriminals could also spy on the owners and use that knowledge to decide a good time to break into their home,” rues Chopra.
As per Kaspersky, the problem with most smart cameras is that both users and camera makers prioritize ease-of-use over device security. That’s why surveillance cameras can be easily hacked with brute force. A major challenge with smart cameras is that they lack both memory and compute power to run a security solution on top.
“There are little to no industry requirements that manufacturers have to comply with when it comes to security of smart devices like cameras. Instead, they are left to create their own proprietary standards for communication, where security is not always a top priority,” adds Iliushin.
Users can minimize the risks by regularly updating firmware and changing passwords more frequently. Delaying firmware updates or vulnerability patches even for a few months can expose cameras to secret back doors.
With growing adoption of smart cameras by home users, cybercriminals are likely to up the ante and cases like that of Sud will become common, unless camera vendors begin to take security more seriously. Users, on their part, will also have to up their game by using stronger passwords, keeping devices, such as smart cameras, on a separate network.
Smart cameras in India
Mi Home Security camera 360
The Mi Home Security camera is one of the cheapest smart cameras available in India today. It offers a 360-degree coverage, remote viewing capabilities and can also store video on device.
YI dome camera X
Originally backed by Xiaomi, Yi is quite well-known for its action cameras. But the brand also has an array of smart security cameras that it sells in India through Amazon.