Home Gadgets Computer science student finds security problems in home surveillance cameras

Computer science student finds security problems in home surveillance cameras

by admin

Florida Institute of Technology student Blake Janes found security flaws in outdoor and home surveillance camera systems and smart doorbells from Ring, Nest, SimpliSafe and eight other manufacturers. At issue is a breach in a feature that allows an account to be deleted. Jaynes found that the feature doesn’t work properly because it leaves the remote account user able to access the video the camera is recording.

Janes’ results of his research. presented in a paper "Endless History : flaws in the authentication and access control mechanism in shared Internet of Things devices." The student also informed camera manufacturers about the vulnerabilities and suggested several strategies to fix the problem.

A security problem can manifest itself, for example, when a couple breaks up when one partner changes residence. They each have access to the same camera through the app. Even if Person A restricts Person B’s access to the video recordings on his device, Person B’s device will not be affected. Thus, Person B will still have access to the camera even if the other party restricts this access and changes the account password on his smartphone.

The reason for this is that access permission is granted mostly in the cloud, rather than locally on the camera or smartphones. This approach is preferred by manufacturers because it allows the cameras to transmit data in a way that doesn’t require each camera to be connected directly to each smartphone.

In addition, manufacturers have designed their systems so that users don’t have to repeatedly respond to access requests, which can be annoying and lead to the user ending up simply turning off security checks, if they are installed, or giving up on the camera altogether.

The problem is compounded by the fact that a potential attacker doesn’t need advanced hacking tools to attack or spy on another person, since everything can be done just by using an app on the smartphone.

"Our analysis reveals a systemic failure in device authentication and access control schemes for common Internet of Things ecosystems. Our study shows that vendors still have a long way to go to ensure the security and privacy of content created by the IoT, " the paper’s author concluded.

Manufacturers in whose devices the flaws were found: Blink, Canary, D-Link, Geeni, Merkury, Momentum. In addition, the problem affected cameras Nest Indoor, smart doorbell Nest Hello Video Doorbell, outdoor cameras NightOwl, smart doorbell Ring Pro and Standard, outdoor cameras and home surveillance cameras SimpliSafe and TP-Link.

Although manufacturers will make fixes to their devices’ systems, experts at Florida Institute of Technology Remind users that if they have one of the above mentioned cameras, it is important to update its software to the current firmware.

You may also like