Resource Center

The Vulnerabilities of DIY Cameras

Mandee Thomas
Feb 6, 2019 8:04:00 AM

Several news stories about DIY security camera breaches made headlines recently and it is causing DIY security users to question whether or not their homes are as safe as they thought. Consumers are beginning to wonder which platforms are most susceptible to hacking and how they can tell if their devices have been compromised.

In this article, we take a look at some of the particular vulnerabilities of DIY security systems and what can be done to make sure users have the proper safeguards in place.

Vulnerabilities: IP vs. Smart Cameras

Both IP camera systems and smart cameras are attractive options for DIY consumers. Because of their similarities in functionality, these two platforms tend get lumped into the same “DIY” category; but there are differences between them that make for varied security risks, so let’s distinguish between the two.

IP Cameras

Standard IP cameras can be set up through Wi-Fi or ethernet and transmit video to a standalone storage device or computer. These platforms often require a more intensive set-up than smart cameras, but store the footage locally rather than automatically sending it to the cloud.

The problem with IP cameras comes in how users configure (or don’t configure) them. Most IP cameras come with pre-programed usernames and passwords that often don’t get changed when buyers install them. This leaves the system particularly vulnerable to hackers. It is an issue being addressed at a state level in California. Also, if users don’t keep the firmware (which has to be updated manually), up to date, the system can be put at risk.

Smart Cameras

Smart, integrated camera systems stream live video through a home’s internet connection to the company's servers. They require little to no upkeep, and updates are processed automatically. These camera systems are typically very simple to set up, but are very limited in the way they can be used.

Instead of coming with preconfigured credentials, smart security platforms require users to create an account (typically through an app) that connects to the cameras. While this is better than users gambling on pre-programed passwords, it still relies on people to choose secure passwords.

Two-factor authentication, and requiring strong passwords are two great ways for smart camera users to secure their systems more effectively. Unfortunately, though, only a couple companies currently offer it two-factor authentication. And even the companies that offer it don’t require it.

How to Know if a DIY Camera Has Been Compromised

Currently, there aren’t any foolproof ways to determine if a DIY camera has been hacked. In a recent Nest security breach, the user mentioned being able to hear voices over her camera speaker as well as her account profile picture being changed. Otherwise, the only potential warning sign of malicious activity could be slow or worse than normal performance of the camera system. But slow performance could be indicative of any number of things, so it’s not a great indicator of a system breach.

A Takeaway for Security Dealers

DIY security platforms have a lot to offer in terms of usability and overall cost-savings, but the risks involved are definitely something to be taken into account. As a security dealer, these points can be a good selling point for traditional, professionally-monitored camera systems. And if you are offering, or thinking of offering, smart security as part of your business package, it’s important to be aware the vulnerabilities involved—not necessarily to deter you, but to help you help your customers and ensure that they are protected.

Take advantage of our robust library of industry and AG related news, articles, webinars and other resources available through our resource center to enhance your success.  You will also discover valuable insights and content you can share with your subscribers through your website, newsletters, and emails.

Receive more useful content like this by signing up for our weekly AG Newsletter below: