Skip to content

Hack-Proof Your Home Security Cameras

Posted by: Joe Schwartz

Published: December 9, 2016

A recent study shows that 61 percent of Americans are concerned about their wifi enabled home security cameras being hacked.

The odds of this happening are slim, but the fear isn’t exactly unfounded. As demonstrated in recent attacks on Jeep, Vtech, and Mattel products, skilled hackers can break into internet connected products in minutes. And with every purchase of a connected home device, consumers are unknowingly giving hackers a new opportunity to gain access.

Let’s take a closer look at how home security camera hacks can happen, and what consumers can do to prevent them.

Hack #1: Taking control of your home security camera’s connectivity

One way hackers like to break into connected devices is by taking them over for use in a botnet or some other nefarious purpose. A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge. In the instance of a home security camera, the hacker is taking advantage of the camera’s connectivity. This type of hack can also target other kinds of seemingly innocuous devices like printers and DVRs.

The goal of this hack isn’t to use your camera’s video feed against you, it’s meant to hijack the camera’s web connectivity and processing power for another purpose, oftentimes a Distributed Denial of Service (DDoS) attack.

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. These attacks can target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information online.

This happened just last October, when Dyn, a New Hampshire-based company that monitors and routes Internet traffic, fell victim to a massive DDoS attack that prevented some users on the East Coast from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal, and other heavily trafficked sites.

Hack #2: Accessing your home security camera’s video feed

The second and more frightening of the hacks, is in gaining a direct line to your camera’s video feed. This can happen as a local attack or a remote attack.

To access a camera locally, the hacker must be within range of your router. If so, they can then attempt to run a program that tries to decipher your wireless router’s password. Once they have the password, they can gain access to your network, as well as your connected home security camera.

Another way a hacker can get in locally is by “spoofing” your router, and then locking you out your actual device.

If you’ve ever set up a wireless network, you’ve probably noticed that your devices no longer need to be told to access your network after connecting the first time. Instead, they access the network automatically as soon as they come within signal range.

While a nice feature, but it one that is also prone to exploitation via a hack called “spoofing.” Hackers often attack a wireless network by simply creating a new “spoof” network with a stronger wireless signal and a copied service set identifier (SSID) in the same area as your legitimate network. This causes unsuspecting computers and devices to automatically connect to the spoofed network instead of the real one.

Local hacks aren’t very common for homeowners; remote hacks are the far more likely scenario. A remote attack is defined as a malicious action that targets one or a network of computers. In a remote attack, the hacker finds vulnerable points in a computer or network's security software from which to access the machine or system.

When a connected home security camera transmits its video feed over the internet, the video signal could be subject to password attacks. Something as common as a data breach could make your connected home security camera and other connected devices vulnerable to remote attacks. There isn’t much you can do to prevent remote  attacks from happening, except one surefire way: changing your passwords frequently. 

How to Know if Your Home Security Camera is Hacked

It’s very difficult to know when one of your connected devices has been secretly hacked. However, one potential red flag for connected home security cameras might be slow or significantly degraded performance.

When a hacker has taken control of a connected home security camera, the camera’s CPU cycles are forced to work very hard, which can interfere with regular camera functionality.

Of course, a degraded performance that is intermittent can simply be the result of a poor connection or signal, and not necessarily indicative of a hack. But if there is a sudden and sustained drop in your camera’s performance, it can’t hurt to take protective measures.

Ways to Protect Against Home Security Camera Hacks

According to the 2016 Norton Cyber Security Insights Report, one in five connected home device users don't have any protective measures in place for their devices.

Luckily, protecting yourself isn’t too difficult. Here are some tips for preventing hacks of your connected home security cameras.

Tip #1: Use strong passwords

It sounds like an obvious solution, but you may be shocked if you knew how frequently people (and businesses) set up security camera systems and don’t change the default username and password.

When setting up your cameras, be sure to use a strong password. Experts will tell you it’s best to create passwords that combine letters (both upper and lower cases), numbers and symbols. The more complex, the better. A strong password is your best defense against hackers.

Tip #2: Secure your home wireless network

Securing your WiFi network is another seemingly obvious strategy for protecting your WiFi-connected home security camera and other devices against hackers. This may include using WPA2 encryption, giving your home router a stronger password, updating the default SSID (ie. network) name, and/or turning off guest networking and sharing.

We also recommend that you consider placing your security cameras on a network of their own. Isolating your cameras to a single network means that if the cameras are somehow compromised, the hacker won’t be able to gain access to any of your other devices. If you want to take it one step further, you can also use a virtual private network (VPN) to further regulate which of your devices will be able to access the network the security cameras are on. You may also opt to log any activity on the network to make sure nothing out of the ordinary is occurring there.

Installing a firewall between your Internet connection and all of your devices is one more way to protect yourself. This may require the help of a professional.

Tip #3: Regularly update your security camera’s firmware

Manufacturers of home security cameras periodically update their firmware to fix bugs and enhance product performance. Sometimes these bug fixes solve security flaws, so make sure you are always using the most recent update.

Tip #4: Turn off remote online monitoring

Many WiFi-connected security cameras support remote viewing, which allows you to monitor your home through an app or website when you are away. The ability to log into your security camera remotely is part of the appeal, but app and/or website access can expose you to hackers if your passwords aren’t strong. If you’re worried, simply consider turning off remote monitoring when you aren’t using it.

Tip #5: Purchase your home security camera from a trusted source

Whether a DIY solution or a locally monitored home security service, there are many sources to choose from when shopping for WiFi-connected home security cameras. Do your research to ensure you’ve got a reliable one that offers excellent customer service.

Many widely available wireless home security cameras that you can get at big box stores like Home Depot, Walmart, Best Buy or Amazon, authenticate users without requiring them to create passwords. This vulnerability can make your network susceptible to hackers.

And stay away from used security equipment. A bargain may be enticing, but you won’t know who has previously accessed it or whether any unauthorized modifications have been made. Spending the extra money on new equipment will be worth avoiding the potential problems.

If you do go with a locally monitored service, ask your account manager about the precautions they take to protect their products.



Liked what you read? Click below to request a free consultation and find out how our security experts can give you peace of mind.




Share this post:

Related Topics: Internet Safety, IT


Joe Schwartz

Joe is a Marketing Specialist for Doyle Security responsible for online content management.