Home security cameras – are they actually letting the bad guys in?
A worldwide report conducted by Avast on the vulnerability of home networks has revealed that 40.8 percent have at least one vulnerable connected device, putting the entire smart home at risk of cyber attack. Australia ranks slightly below the global average, with 33.4 percent of connected devices deemed to be at risk.
Of those at risk, the very device that consumers deploy to protect their homes may, in fact, be exposing them to attack. The report, conducted using Avast WiFi Inspector, scanned more than 117,000 Australian home networks and discovered that 11 percent of connected home security cameras are at risk of attack. Looking at the global averages revealed in the report, it appears that 69.2 percent of devices are vulnerable due to weak credentials, and 31.4 percent due to software vulnerabilities.
Excluding major devices such as PCs, smartphones and routers, security cameras rank as the seventh most common connected device found in Australian households, featured in three percent of Aussie homes.
Exploring the fact that nearly seventy percent of cameras are vulnerable due to weak passwords, it becomes apparent that there is either a lack of understanding about cyber defences in the broader community, or that people simply could not be bothered changing passwords – the “it will never happen to me” mentality.
Fred Juhlin from Axis communications, the world’s biggest vendor of surveillance cameras, suggests: “There’s a reason why passwords are also known as “keys”. They are your first line of defence, so you need to make sure they are resilient, frequently changed and that they are not shared liberally. You wouldn’t use the same key for your front door and everything else, from your car to your safety deposit box. Similarly, you wouldn’t make a copy of that key for every acquaintance you meet. That’s the same attitude you need to have when it comes to passwords.”
Australians whose homes feature security cameras as part of their security plan need to be aware of the risks involved, and have a proper defence strategy – just the same as a large organisation needs one, but on a much smaller scale. Relying on cameras to stay safe from cyber attack without human intervention is risky, so they need to be maintained. Large companies have administrators and managers who ‘harden’ the organisation’s defences by regularly changing passwords, adding security patches to software and keeping an audit of each device on the network, but it does not take a whole lot of work to administer the five or six cameras commonly found in the average suburban home.
“It only takes one weak device to let in a bad hacker and once they are on the network, they can access other devices and the personal data they stream or store, including live videos and voice recordings, reports Luis Corrons, Security Evangelist at Avast. “Simple security steps will significantly improve the integrity of digital homes. For example, the setting of strong, unique passwords and two-factor authentication for all device access, and ensuring software patches and firmware updates are applied when available.”
As stated above, the second most common ‘entry point’ for cyber attackers is through the device’s own firmware. Every camera has basic software installed, which allows it to operate. The software is often an entry-point for hackers because, once it has been deployed, many consumers think that their security camera is safe and functional for the duration of its lifecycle. However, like any software, a camera’s firmware needs to be updated to keep on top of the constantly evolving cycle of cyber threats. Security patches are generally the first and most important update provided by a camera vendor, and need to be applied at regular intervals to maintain the cyber safety of a camera.
The Avast report reveals the extent of camera vulnerability in Australia – and it does seem that better consumer education and stronger security measures on the vendor side are required in order to stop cyber criminals entering and attacking home networks.
-Brad