The Internet of Things. Even if you’ve never heard the term, guaranteed you’re a part of it. The Internet of Things, or IoT, refers to the giant network of physical objects (basically anything with on/off switch) connected to the Internet and each other to collect and exchange data. It’s like an entire subversive universe that’s not actually subversive at all. The growth of the IoT continues to be impressive, with speculations that by the year 2020, we can expect over 26 billion connected devices. However; this growth does not come without its growing pains as it also opens us up to an entirely new crime and an entirely new type of criminal.
Virtual intruders are hackers who gain access to privately used security or surveillance cameras, or really anything that compromises your privacy and/or security. This information can be placed on the Internet for all to see, or used to commit fraudulent crimes. The popularity of smart homes is on the rise as the ability to make our lives easier and more convenient becomes more available to us; however, some smart homes and video surveillance systems are allowing homeowners to become MORE vulnerable, which means that cameras themselves need to be protected. Even if you don’t have a home surveillance system or smart home features, security cameras in general are increasingly becoming a part of our day to day lives. You might not want to believe that you could be on camera walking down the street or sitting at your place of business, but chances are that you are.
While most of us recognize our vulnerability when it comes to identity theft or even smart phone scams, few people understand that devices intended to keep us safe and secure can actually be doing the exact opposite. The emergence of easy do-it-yourself video surveillance cameras in homes and businesses are gaining popularity, but many of these DIY options are some of the most vulnerable. There are a few ways that a criminal can hack into your surveillance system.
First, if your cameras are connected to your home Wi-Fi, it’s a matter of password hacking to gain access to your live feed. Many people keep the default password (which is usually something very basic like admin or admin 1234), which is asking for trouble. In fact, one Atlanta-based report that aired just this week found that there are lists of passwords that can be found online for anyone to see. Another segment on American Public Media’s Marketplace found that a simple Google search for a specific phrase could afford them the ability to hack into personal home surveillance cameras.
Another way you can be hacked is through malware that comes on the firmware of the actual camera system itself. Consider this incident where surveillance cameras infected with malware were sold on the popular ecommerce site Amazon. Security researcher, Mike Olsen, found that the device’s firmware of a specific camera sold by Urban Security Group linked to a host name Brenz.pl, known to be malware that can be downloaded and installed, leading to unlawful surveillance and data theft. This story is important because most of us are pretty aware enough not to click on weird links or open odd emails, but as Olsen warns, “threats do not just come from dodgy social media links, phishing campaigns, or social engineering- firmware can host malware too.” Basically, any device containing network/ Internet capabilities can harbor threats in the form of malware, even items purchased on reliable sites like Amazon.
The bottom line is that it is important to recognize that all computer-controlled devices are vulnerable to anyone who wants to gain access to the on-board network, and that integrating smart home technology presents a risk as we add more “things” to the Internet of Things. For now, prevention is your best solution. Some preventative measures include really basic ones like changing the default password and checking for malware before you set-up do-it-yourself home cameras. Firmware should be signed and encrypted to prevent bad firmware uploads, and if you are getting your video surveillance cameras or smart home features from a company, they too should offer bank-grade encryption at least.