In this post I provide some advice about protecting your home security cameras from hackers.
You may have seen alarming reports in the media of hackers and others gaining access to home security cameras and using them to talk to children or spy on adults, or both.
There have been reports of children asking their parents why the baby monitor camera is talking to them, and rumours of live home camera footage being available online for anyone to see. There are examples of this on YouTube. Search for ‘home security camera hacked’ and you’ll find plenty of examples.
This is obviously very worrying and distressing, and defeats the whole object of having security cameras in the home in the first place.
There is also a risk that, having gained access to your camera, a hacker could potentially reach other devices on your home network, even your computer and everything it has stored.
But before you switch off your cameras and your entire home network let’s get things into perspective.
How to protect your cameras
The good news is that there are some simple steps you can take to protect yourself against such intrusions, without you having to become a technical expert or having to hire someone to complete these tasks.
You should also remember that the risk is low and that the stories in the press tend to sensationalise the few occasions when this has been reported, even if the results are dramatic.
Home security cameras tend to be shipped with a default and therefore simple username and password. For example, when you first installed your camera the username and password may have been something like admin and admin or admin and password or even just a blank space instead of a password. You may have thought that since your camera is in your home and therefore connected to your WiFi (which has its own password) that no changes to the default login details were required.
Even if your camera is cabled to your broadband router it’s still at risk if these login details are not changed.
You see, these cameras are designed to be accessible via apps on your phone and websites on the internet. In order to facilitate this, the software creates a path through your broadband router to an online account and/or an app. For example, Reolink or D-Link cameras have both a web account in which you can view your cameras as well as apps that provide access through your phone.
This means an open path is created to the internet through the firewall (the security software inside your broadband router) that protects your home network and direct to the device. Hackers use tools to search for these holes in and, if the default username and password for the camera is still configured, it’s a simple task for them to gain control of the camera.
So the first thing you should do then is to change the default login details to something cryptic.
The username and password provide two, not just one way of hardening the security. You should not only change the default password to a random string of numbers, symbols, and mixed case letters, but also change the default username too.
Why not just leave it as admin? Because by changing it you’re adding an extra layer of security. If you leave the username as ‘admin’ then the hacker is half way there.
You should also ensure that your cameras are all using the latest version of firmware. Don’t assume that, just because your cameras are new they are already using the latest release. Firmware updates may have been released while your new camera was sitting on a shelf in a warehouse.
If your camera(s) has the option to update itself then switch this on. If not, then you’ll need to check your camera(s) every month or so for new firmware releases.
Don’t forget your broadband router
The same goes for your broadband router. You should change the default username and password, and periodically check this for firmware updates. If you can’t remember how to do this and you’ve lost the manual for it just google for the model number and add the word ‘manual’ and you’ll probably find a copy online.
Search for the router or modem model number with the keywords ‘default password’ and you’ll probably find that listed too – just as hackers can!
You can usually reach the admin screen for your broadband router by typing an IP address into your browser address bar. This will be something like; 192.168.0.1, 192.168.1.254 or similar – the manual will confirm the address for your particular model.
Once you’ve gained access to your broadband router, change the login password, check the firmware version, and familiarise yourself with the basic functions. It will probably tell you if what devices are connected to your home network, both wired and wireless. This is useful for checking to see if there are any that you don’t recognise or ones you’d forgotten about. You could also turn off any unwanted and unused services that the router may have enabled, like UPnP.
Other precautions you can take to protect your home security cameras are:
- Enable two factor authentication if it’s available. This is when you enter a username and password and then have to enter a temporary PIN code that has been sent to your phone or emailed to you.
- Buy new cameras from reputable brands with a verifiable support service.
- Don’t buy old or second hand cameras that may be compromised or no longer supported.
- Think carefully about where you position your cameras. Are they revealing anything that may be of use to a burglar or other type of criminal?
- Block all access to the camera from the internet.
- Use a camera that has no network connection and just stores footage on a microSD card.
Finally, you could just cover the camera or switch it off but this is a bit extreme as it would defeat the whole purpose of the camera.
The best way to protect yourself and your family is to learn how to use it correctly, harden its built in security, and to keep its software up to date.
Let me know if you have any questions by posting a comment below.