In the News

You buy a security camera to keep your home safe, but is your camera keeping your privacy and data safe? CR’s Digital Lab evaluates digital products and services for how well they protect consumers’ privacy and security.

After six weeks of testing that included evaluating more than 70 privacy and security criteria on 26 cameras, our experts found that nine security-camera brands—Blue by ADT, Canary, D-Link, Eufy, Honeywell Home, Logitech, Toucan, TP-Link, and Zmodo—still lack two-factor authentication, a more stringent security measure than using just a single password to log in.
Australians are being filmed through private security cameras that are being streamed on a website based in Russia.

"We all laugh and joke about Big Brother watching us and things like that, but the reality is there is quite the opportunity for people to be watching us anywhere."
Some popular home security cameras could allow would-be burglars to work out when you've left the building, according to a study published Monday.

Researchers found they could tell if someone was in, and even what they were doing in the home, just by looking at data uploaded by the camera and without monitoring the video footage itself
More than 100,000 indoor security cameras in UK homes and businesses potentially have critical security flaws which would put them at risk of hacking, a new Which? investigation has found.

If you own one of these cameras, an attacker could spy on your home, steal your data or target other devices. And even if you change the camera’s password, it’s still potentially at risk.
By storing your camera recordings in iCloud, you can trust that only you will have access to them. In my house, we have eufyCameras on the outside and a Netatmo camera on the inside. All of these cameras are HomeKit Secure Video compatible.
  • A team of researchers has experimented with the potential for domestic abuse and harassment via IoT flaws.
  • The students have found that 16 out of 19 popular IoT camera models are susceptible to this type of exploitation.
  • IoT vendors focus more on the usability of the devices rather than securing them against access peculation.
Former ADT employee Telesforo Aviles repeatedly accessed the indoor security cameras of 220 customers over the course of seven years, now ADT faces two class-action lawsuits.

Installing home security systems is meant to make you feel safe and secure, but ADT customers have experienced the opposite, with the revelation a company employee has been spying on them for years.
Amazon pushes Ring as a crime-fighting tool. Data from three of Ring's earliest police partnerships doesn't back up that claim.
The so-called ‘search engine for the internet of things’ exposes which connected devices are at risk, and is being used by the good and bad guys alike.

There’s something deeply unsettling about peering into other people’s insecure webcams
A data request submitted by the BBC has set alarm bells ringing about the data privacy regulations of doorbell company Ring. The data record provided the documented use of a Ring 2 Video Doorbell for 129 days. There were 1,939 individual "camera events" recorded and stored over the period. The data Ring stores is rather intrusive, as it keeps a record of its customers' life.
If you use the camera but not the feature which allows you to remotely access it from the internet then it's recommended you turn that feature off.
Parents rely on internet-capable baby monitors to keep a close watch over their infants. However, an investigation by Bitdefender and PCMag has found that hackers can also exploit some iBaby monitors to spy on those same children.
How safe are the smart cameras in your home? A number of Ring employees were fired for watching customer videos more than they should have been.
So-called "smart" security cameras have had some pretty dumb security problems recently, but a recent report regarding a Xiaomi camera linked to a Google account is especially disturbing. One Xiaomi Mijia camera owner is getting still images from other random peoples' homes when trying to stream content from his camera to a Google Nest Hub. The images include stills of people sleeping and even an infant in a cradle.
If you invest in an internet-connected security camera system, one might expect that the makers would take security extremely seriously. After all, what consumer would invest in such a system if they were worried about hackers spying on them in their home?

Shockingly, executives at Wyze Labs, makers of a line of popular affordable security cameras, just announced that personal information from 2.4 million customers had been exposed to the public. The breach included information like WiFi network details and customer email addresses.
Ring security camera hacks see homeowners subjected to racial abuse, ransom demands Multiple U.S. families have reported incidents of Ring camera systems being hacked in recent days, raising questions as to whether the systems are allowing hackers access to people's homes, without ever having to set foot inside.
Under some circumstances, a wireless home security camera made by D-Link can transmit unencrypted video across the web, a Consumer Reports investigation has found. That could allow the video to be accessed by strangers.
Tara Thomas thought her daughter was just having nightmares. “There’s a monster in my room,” the almost-3-year-old would say, sometimes pointing to the green light on the Nest Cam installed on the wall above her bed.
D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices.
Lack of security in the default settings of Internet-enabled video cameras make co-opting video feeds not just a movie-hacker technique, but a reality for millions of cameras.
Security researchers have uncovered a security flaw in a popular home security camera which permits remote spying without any form of authentication.
Trend Micro, a cybersecurity solutions provider, recently reported that it blocked ~5 million hacking attempts of IP-connected cameras in just the last 5 months. This means that a hell of a lot of people are trying to hack into Internet-connected cameras.

But why?
One of the world’s largest threat intelligence research groups, Cisco Talos, recently discovered scores of vulnerabilities in Google’s Nest Cam IQ indoor camera. Cisco Talos identified multiple exploitable problems with the IP security camera. The vulnerabilities were linked to Weave, the protocol Nest relies on to enable users to configure and establish initial communication of the device. The vulnerabilities could allow an attacker to carry out a range of attacks, from denial of service, code execution or information disclosure. An adversary could also seize control over the affected devices.
A few months ago, Arjun Sud from Illinois-US heard a man’s voice from his seven-month-old son’s room. The voice was coming from one of the Nest cameras installed in the child’s room.
It's often terrifyingly easy for hackers to spy on your sleeping baby. One South Carolina mother may have found that out the hard way.
Despite its ubiquity, Internet of Things security still isn't ready for prime time.
Someone got a peek inside a stranger's kitchen in a clear privacy breach.
Kaspersky Lab researchers found multiple vulnerabilities in certain smart cameras that could allow attackers to obtain remote access to video and audio feeds.
“My son came running out of the playroom and found me in the kitchen and said 'it’s not daddy talking to me. It’s not daddy.'”
Ring has a history of lax, sloppy oversight when it comes to deciding who has access to some of the most precious, intimate data belonging to any person: a live, high-definition feed from around — and perhaps inside — their house.