REVIEW: Home security cameras fall short on security
How secure are IP-based “security cameras”? Based on our review of seven home security cameras, the answer is: Not very. While these devices may get high marks for features and ease of use, security is another story. Our tests turned up results like these: One camera allows plaintext logins as the root user, with no password. That’s horrifying in this day and age. The same camera uses an outdated version of SSL that allows data leakage. A firmware update fixes both issues, but the upgrade is optional and many users skip it. Another camera leaks its private API structure in plaintext even though it uses TLS to encrypt traffic. This potentially allows attackers to change video streams and possibly other device parameters. Yet another camera can run a hacked firmware image that disables some services and enables others. Two more cameras present SSL certificates that not only claim to be a different host, but also come from a certificate authority with a record of issuing bogus credentials. It’s not all bad news. One camera, the CAN100USWT from Canary Connect, stood head and shoulders over the field in baking security into its product design. The Canary camera runs no services Continue reading