How Secure Are Wi-Fi Security Cameras?

Everyone’s seen the horror stories. Someone placed an Internet connected camera in their home and left it open to attack, allowing strangers to eavesdrop on their most private moments. Here’s how to pick a camera that guarantees your privacy.

Watch Out for IP Cameras

There are two main types of Wi-Fi-enabled security cameras: traditional IP (or networked) cameras, and modern “smart” cameras like Alphabet’s Nest Cam and Amazon’s Cloud Cam.

Most of the scary stories you see online about insecure cameras are about IP cameras. In theory, there’s nothing wrong with IP cameras. These are simply security cameras that connect to the network, either over Wi-Fi or a wired Ethernet connection. They provide a web interface you can use to view their feed. These cameras can also be hooked up to a network video recorder system or a computer, letting you view and record all those camera feeds in one place. The cameras may have some built-in storage, but it’s generally your job to record their video feeds somehow, if you care to do so.

In practice, many people don’t set up these cameras securely. They leave them configured with the default username and password, and then connect them to the internet. This means anyone can watch the feed just by visiting the camera’s IP address online. There even are search engines like SHODAN designed to help people find these exposed camera feeds and other vulnerable Internet of Things devices.

If you’re just an average person looking for some simple security cameras, skip the IP cameras. If you’re a hobbyist with the do-it-yourself spirit, you might want to give IP cameras a go. Just be sure you know what you’re doing and set them up properly so people can’t snoop on you.

How “Smart” Cameras Are Different

Modern security cameras like Alphabet’s Nest Cam (Alphabet is the parent company that owns Google), Amazon’s Cloud Cam, and Netgear’s Arlo, for example, are different than IP cameras. These are designed as easy-to-use smarthome devices.

Instead of providing a dumb web interface pre-configured with a default username and password, cameras like these require you use an online account system. Live video feeds and recorded video clips are available through those online accounts. That account can sometimes be configured with two-factor authentication for additional security, which means even an attacker that knows your account’s password wouldn’t be able to view your cameras.

These types of cameras are automatically updated with the latest firmware, too. You don’t have to manually update them to fix security problems.

In other words, there’s no real complicated configuration. You just plug the camera in, create an online account, and then connect the camera to your account. As long as you choose a strong password and, ideally, set up two-factor authentication, there’s no way for an attacker to gain easy access.

Beware the Cheap Cameras

Of course, whatever smart camera you choose, it will be uploading its video feed—or at least video clips—to some server somewhere. It’s important that you trust the company involved.

For example, Nest is owned by Alphabet, which also owns Google. With Nest, you’re basically trusting Google. Other big companies, like Amazon, Netgear, and Honeywell also seem pretty trustworthy. These big companies should be serious about security and do a good job of securing their services. They have reputations to uphold.

Some cameras just seem less trustworthy. For example, the Wyze Cam costs $26, where other manufacturers generally sell their cameras for $100 to $200. We actually thought the Wyze Cam worked pretty well and it’s certainly an amazing value. However, Wyze doesn’t offer any two-factor authentication support. And, whenever you initiate a live streaming session, that video feed is provided by a Chinese company named ThroughTek.

Whether you trust a company like Wyze is up to you. For example, Wyze might be fine for keeping an eye on the outside of your house, but you might not want to place it in your living room. It’s worth nothing that you can even use a Wyze camera without connecting it to Wi-Fi, and just record to a microSD card.

Other cameras are even less trustworthy. In 2017, many cameras by Chinese manufacturer Foscam were found vulnerable to attack. For example, some of these cameras contained hardcoded backdoor passwords that would allow attackers to view live feeds from your camera. It’s worth spending a bit more for a more secure camera.

Choose a Camera That Supports Two-Factor Authentication

As we’ve already mentioned several times, two-factor authentication is a key security feature to have with a smart security camera account. You can set up two-factor authentication for your Nest account and Amazon account.

Unfortunately, the Wyze Cam doesn’t offer this feature. Even Netgear’s Arlo cameras don’t offer two-factor authentication, so don’t count on every camera from a trustworthy company including this type of security.

For maximum security and privacy, be sure to choose a camera that supports two-factor authentication, and be sure to set it up! Do your research before buying a camera.

How to Keep Your Security Cameras Secure

The core advice here is pretty simple. Here’s how to choose a secure security camera and keep your video feeds private:

  1. Buy a “smart” security camera, not an IP security camera that requires more configuration.
  2. Get a camera from a trustworthy brand you recognize, like Nest or Amazon.
  3. Use a strong password when you create your online account for the camera.
  4. Enable two-factor authentication. (Be sure to buy a camera with this feature for maximum security.)

If you do all these things, you should be completely secure. The worst case scenario would be a massive breach of Nest or Amazon’s servers, but that would be a big shocking story, and would be fixed immediately.


Please follow and like us:

How to Protect Your Router From the Latest Malware Attack

We talk a lot about software designed to attack our smartphones and computers, but it turns out your router might also be at risk. That’s right. Some dangerous new malware is going after the box you use to beam internet around your home or office.

Here’s what you need to know about the malware and how to keep your router protected.

The risk

VPNFilter is a new type of malware designed specifically to target internet routers. It’s capable of collecting communication information from your router, attacking other computers, and destroying your device remotely. According to Cisco, the malware has already infected over 500,00 routers around the world.

Not all routers are susceptible to VPNFilter, but a few of the major brands are at risk. Here’s the full list of devices (via Ars Technica):

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

How to remove it

There’s no easy way to check if your router is already infected, but if your model is included in the list above, you shouldn’t take any risks. The easiest (and only) way to fully remove VPNFilter is to do a factory reset. Typically, that involves pressing down the power button for 5-10 seconds, but you may want to double check based for your specific router model.

If you don’t want to do a full factory reset (which can clear important data from the device), you can also simply reboot your router. This won’t kill VPNFilter entirely, but it will drop the malware back to its initial stage and buy you some time.

How to protect yourself

Once you’ve wiped your router, there are few ways to keep yourself protected moving forward.

First, make sure you’re running the latest firmware by logging into your router account in an internet browser and checking for updates. You should also change the admin password for an extra layer of protection.

Finally, make sure that remote management is turned off. This will block hackers from controlling your router without your permission. That should keep you safe from any future malware attacks as well.

By: Jacob Kleinman

Please follow and like us:

The Spectre security flaw is back and your devices are at risk

Right off the bat, 2018 brought us two massive security vulnerabilities that affected almost all types of processors known to man, whether they’re Intel, AMD, or ARM. The good news is chip makers and their partners, including Apple, Google, and Microsoft, eventually issued patches for the affected devices to prevent attacks.

These patches were meant to prevent hackers from accessing private information like user passwords from a computer’s memory by taking advantage of a certain design flaws. They were not permanent fixes, because these security issues are caused by the way the actual chip is built.

With that in mind, don’t be surprised to hear there’s a new Spectre vulnerability in the wild, and your computers need more patching.

Disclosed by Google and Microsoft, the Spectre 4 issue has been acknowledged by Intel in a blog post. The vulnerability doesn’t affect just Intel machines, as AMD and ARM are not out of harm’s way either. This new flaw could be used by hackers in browser-based attacks.

Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

Intel says it already issued the microcode update for Variant 4 to its partners, and it should be released into production BIOS and software updates over the coming weeks. However, the mitigation will be off-by-default, meaning the user will have to enable it.

Intel also noted that it had not seen any reports of hackers targeting this particular vulnerability. From the moment we first heard about the Meltdown and Spectre issues, we were told that fixes would have an impact on performance. The same goes for the new fix, and Intel noticed a performance drop of 2% to 8% on client and server systems. Read Intel’s full advisory at this link.

By: Chris Smith

Please follow and like us: