If you install cameras in your home, you do so to protect your assets. But it’s good not to blindly trust these devices. There are more and more complaints about failures in cameras connected to the internet. The most recent case involves models from eufy, brand of Anker. There are also reports of problems with cameras Wyze and Amazon Ring🇧🇷
The bizarre Eufy case
The Eufy case gained repercussions after the security consultant Paul Moore released a video showing a Doorbell Dual camera transmitting data to the clouds without encryption. With this, the transmission can be intercepted by third parties with relative ease.
Still according to Moore, images uploaded to the clouds can be accessed even after being removed through the Eufy Security application. They are not recorded in videos, but in sequences of thumbnails, which is still a serious problem.
There is an aggravating factor here. Anker promotes the Eufy cameras with the promise that the images from them are transmitted with end-to-end encryption directly to the user’s cell phone. But Moore was able to access the stream simply by connecting VLC to a Eufy server.
It gets worse. It is relatively easy to find the address of a Eufy camera as it is based on the Base64 encoded equipment serial number. This method can be reversed with little effort.
wanted by The Verge, Anker has denied that footage from its cameras can be played back on third-party devices. But, also using VLC, the vehicle itself was able to intercept images from its Eufy cameras in a test.
So far, the company has not provided additional explanations about the case.
The unfixed crash in Wyze Cam v1 camera
What if the camera has a vulnerability that cannot be fixed? This is the case with the Wyze Cam v1, a smart home camera that has gained many fans due to its low price. In the United States, the model was launched for around US$ 20 in 2017.
Lo and behold, in 2019, Bitdefender notified Wyze of three security flaws in its cameras. The company started working on fixes immediately, despite only acknowledging Bitdefender’s report in late 2020.
The two companies began to work together to correct the problems. However, it was only this year that Wyze warned that the Cam v1 cannot have its firmware updated because of its limited amount of memory.
The unfixed flaw allows data stored on the camera’s SD card to be accessed by third parties. Given the seriousness of the problem, the company started sending emails to its customers to warn that the Wyze Cam v1 cannot be updated.
The solution? Stop using it. O Camera support ended in February🇧🇷 Perhaps it is even a case of ceasing to use the brand. O Verge points out that Wyze has known for three years about the vulnerability in the camera, but did not address the issue in a timely manner.
The case is only not more serious because, to gain access to the memory card, the attacker needs to enter the network where the camera is installed.
it can always get worse
These cases are not isolated. There are several reports of failures to protect user privacy involving cameras. And the problem is not always vulnerabilities in the camera software or in the surveillance system.
THE CNET draws attention to the case of the company ADT. In 2020, hundreds of the company’s customers in Texas were targets of espionage. The technician who installed the cameras for these people registered his email in the accounts of each one of them to have access to the images from the devices.
It gets to be ironic. Imagine installing security cameras to protect your home and having them used to let an intruder know when your home is empty. Well, the technician was fired and subsequently detained by the authorities.
Another emblematic example is that of a Amazon Ring camera that was hacked by a hacker in 2019🇧🇷 The invader took advantage of the breach to terrorize an eight-year-old girl.
At the time, Amazon stated that the problem may have been caused by using a weak password. However, at the same time, the Motherboard discovered that hackers had created specific software for breaking into Ring cameras.
As if that were not enough, Amazon has become involved in an ethical issue. Also in 2019, the company was criticized for allowing more than 400 US police departments to access customer Ring cameras🇧🇷 The pressure made the company give up sharing the images with the authorities.
palliative measures
Ditching internet-connected cameras is the most obvious solution, but not the ideal one. Anyone who remotely accesses their cameras does so for a reason.
The way out can be to adopt some additional precautions, such as not placing the cameras in sensitive places in your home, if possible – such as the hallway, instead of the bedroom.
Using recent camera models is another idea, as this increases the chances of the device receiving firmware updates. It’s also worth getting professional help setting them up if you have little technical knowledge.
They are not measures that solve the problem. They just lessen the damage if something gets out of hand. In any case, it is worth following a careful behavior. At least until the industry steps up to prevent security cameras from turning into the opposite of what they promise to be.
https://tecnoblog.net/noticias/2022/12/01/por-que-voce-deve-ter-cuidado-ao-conectar-cameras-de-seguranca-a-internet/