Those cheap Wi-Fi connected cameras that come attached to USB chargers, clock radios, smoke detectors or wall outlets are insecure at almost every possible level according to hands-on testing from security researcher Wladimir Palant.
As reported by Cybernews, many internet connected cameras leave access points open that allow anyone to view their feeds into your home. While many of this cheaper ‘spy’ cams, nanny cams or other types of internet connected cameras seem like an easy way to add a home security camera, they have no built-in security measures. To make matters worse, they're often controlled by insecure apps such as LookCam, which are filled with security flaws.
LookCam is used by millions, with thousands of reviews on the Google Play Store and it's also available on iOS and Windows. It pairs with many entry level devices that are popular for their low price point – some at roughly $40 – that work well enough in theory but they also provide strangers with unrestricted access to your home through the internet.
Palant says he found multiple security flaws including firmware issues, cloud uploads that were unprotected, false encryption and fake access controls. In his blog, Palant states “What I found far exceeded my expectations… everything that could be done wrong has been done wrong here.”
The security issues found within the LookCam app also extend to the other offerings from the same developer, which include tcam, CloudWayCam, VDP, AIBoxcam, and IP system.
Unfortunately, the problems don't end on the software side: the cheap cameras that use app are also problematic, as they have no way to update their firmware and users have no ways to operate them safely.
These cameras have no ability to be isolated from unauthorized access which means they're either going to function as a Wi-Fi access point (without a password) or they will require constant internet access. Often the communication required by these cameras is unencrypted or works using weak encryption that is badly implemented. The firmware used doesn't enforce password checks, so they can be skipped, and additionally, there's no TSL to ensure that cloud uploads are encrypted.
All this means that your ISP could easily see the data your camera is sending to the LookCam cloud, and that the 'secret' ID that the device uses to establish a connection is vulnerable to a variety of malicious behavior including brute force attacks and reverse engineering. Anyone with the device's ID could access it from the internet, or access the cloud server that has the recordings, and attackers could even compromise the camera to hack other devices on your home network.
The safer options
Palant urges users to dispose of these devices if they own one, and to not resell it because it just moves the problems along to someone else and continues the security issues.
Instead, make sure you’re buying equipment from a legitimate and trusted manufacturer, like those behind the best home security cameras. Companies like Ring, Eufy, Arlo, Wyze and others are known to manufacturer hardware that ensures your home stays safe and they release software that adheres to security best practices.
At the same time, you're going to want to make sure you practice good cyber hygiene too by changing your Wi-Fi password, keeping your devices safe with the best antivirus software and purchasing hardware from reputable sources.
Purchasing a cheap camera online might seem like a good deal at the time but doing so puts you at great risk. For instance, a hacker could access your camera feeds, record you doing something and then blackmail you by threatening to release the video. Likewise, a local attack could gain access to your camera feeds and then use them to determine the best time to break into your home.
With the Wyze Cam V4 selling for just $35, there's no good reason to get one of these cheap home security cameras. Instead of rushing out and getting a cheap camera from an unknown brand, you're much better off doing the necessary research like finding which home security cameras don't require a subscription and then waiting for a big sale, especially if you have a larger home where you want to install multiple security cameras.
Just like with cybersecurity, when it comes to your physical security, the old adage "if it seems too good to be true, it probably is" still holds up. This is why I highly recommend getting cameras from a well-known and trusted brand, even if the initial cost is slightly higher. It's worth it in the long run to know that hackers aren't watching your every move on the other side of the planet or worse, watching your children.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
