You’ve probably seen the stories in the news about trouble with do-it-yourself Wi-Fi home security cameras. There are home camera “invasions,” where user video is stolen from private cameras and posted to the internet, or straight-up hacking where an unknown person can access your camera and the microphone attached to it, and speak to you, threaten your children, or otherwise harass you from afar.
While these instances are rare, they do exploit certain vulnerabilities in wireless home surveillance cameras, so it’s important to know how it happens, how you can tell if your camera’s been hacked already, and how to secure your home network and evaluate whether your cameras are at risk and fix them.
How do hackers get into your cameras?
Why hackers hack security cameras is a whole separate question, but there are two common ways hackers can access wireless network information.
Local Wi-Fi network hacking
The first involves the hacker being within the range of your Wi-Fi. The hacker either guesses your Wi-Fi password or creates a duplicate or spoof network that looks like your Wi-Fi network. Next, they suppress the real network so that you sign in to their network instead. Once they have your password, they log in to your actual Wi-Fi network, and that’s where the trouble begins.
Remote hack attack
While these local attacks are possible, they’re much less likely than a remote attack. Remote attacks occur when hackers gain your actual password info. How do they get your password? Sometimes if people use weak passwords like 11111, password, or 123456, hackers can simply try a bunch of the most common and default passwords until they hit on the right one.
Data breaches
Alternately, hackers can mine the web for passwords gleaned from data breaches on other websites. They’ll match your email address up to a password you used on another site and, because we humans are lazy or just don’t want to remember a dozen different passwords, they know the password used on the hacked site is likely also a match for the site or app they’re trying to hack into.
Phishing
Phishing is also a common way to get people’s passwords. Phishing involves the hackers sending you an urgent-sounding email or link that you click on. It will likely suggest you’ve already been hacked and need to reset or confirm passwords and email info. When you click the link and “confirm” your information, you’ve just provided it to a hacker, who can then log into a home security app and run roughshod. If they can get into one device, they start trying others (this is called “land and expand”). (Quick sidebar: never use an unexpected link to confirm any account information. Go to the site directly by typing the address into your browser and log in or load up your app and log in there. If you’re suspicious, you can also call your home security camera’s customer service number to check on the legitimacy of any request.
How do companies protect your cameras?
Camera companies (and there are many, from Ring to Google Nest, Wyze, Arlo, and Blink: Check out our picks for most secure home security cameras to learn more) use high-end encryption to protect your camera. These are incredibly long and random strings of numbers and letters that are almost impossible to crack. While high-end encryption is indeed secure, the problem comes from hackers gaining access to the network itself, avoiding the need to provide encrypted info to the camera.
What is two-factor authentication (2FA)?
Two-factor authentication is a process that adds more security to your device logins by requiring more than just a password to log in. When you log in to a 2FA site, the company will send a single-use text or email with an authentication code. Without that code, you (or the hacker trying to get in) can’t access that site or app.
There are also authentication apps like Google Authenticator that provide you with a limited time code. Limiting time codes means the hackers can’t keep trying to crack the code, at it resets in minutes. Some cameras, such as the Amazon Cloud Cam and some of Nest’s indoor cams, are equipped to use 2FA, while Ring has been rolling out this technology also.
Tips for keeping home security cameras safe
Fortunately, keeping your home security cameras safe from hackers doesn’t take much work or effort on your part.
Always update the application as well as the firmware for your camera. Always change the default password or PIN on the camera, if it has one.
Don’t use easy-to-guess passwords (a quick Google search of most common passwords will show you if you’re using an unwise password). Add characters and numbers to any password, and change the password from time to time to make it less obvious to the hacker’s software.
Watch out for posts on Facebook or Twitter that seem like fun nostalgic throwbacks. If someone is asking you to post the street you grew up on or your mother’s maiden name, and your favorite color as a “superhero name,” you’re giving hackers some information that can help guess your passwords — or you’ve just supplied the responses to known security questions many websites and apps use.
Use a password manager: These apps allow you to use a single password to access the app, and then the app can store your passwords or create challenging passwords for you.
Make sure you monitor your network from time to time. Keep an eye out for high usage or data spikes, and check the log-in devices list to ensure no unknown devices or users are on your home network.
Buy your cameras from reputable manufacturers. That cheap $20 camera from some company you’ve never heard of might not be such a great deal if it’s got a back door inside it.
Finally, always use two-factor authentication if it’s an option. While it may seem like a tedious extra step, it’s designed to protect you. Use a unique password for your home security camera network and never use the same password as any other app or log-in. If you’re going to scrimp on these security options, limit cameras pointed at beds or in private spaces (and read up on where you should and should not place a camera). Stick to keeping cameras pointed at doors and window exits.