WEBVTT

00:00:00.000 --> 00:00:03.340
Are you being watched?

00:00:03.340 --> 00:00:08.400
Millions of people have indoor smart cameras, but have you ever wondered exactly how resistant

00:00:08.400 --> 00:00:13.760
they are to being hacked? And whether someone could be watching you as you sit on your couch, tuck in your kids,

00:00:13.760 --> 00:00:17.680
or engage in other activities?

00:00:17.680 --> 00:00:22.880
Although many of the larger companies that sell indoor cameras tout security as a prime feature,

00:00:22.880 --> 00:00:26.280
IoT devices have a generally poor reputation

00:00:26.280 --> 00:00:29.560
for keeping hackers out. Because these devices are typically built

00:00:29.600 --> 00:00:35.760
with more of a focus on the primary function, whether that's a thermostat, a vacuum, or a camera.

00:00:35.760 --> 00:00:40.600
Their security usually isn't as good as say a PC or a smartphone.

00:00:40.600 --> 00:00:44.600
So if you're in the market for an indoor camera, how can you know there isn't some kind

00:00:44.600 --> 00:00:48.320
of vulnerability like this lurking in the model you've been eyeing up?

00:00:48.320 --> 00:00:51.600
Unfortunately, you can't, especially as there's no such

00:00:51.600 --> 00:00:57.440
thing as absolute security online. Or in life for that matter.

00:00:57.440 --> 00:01:01.760
But there are ways you can mitigate the risk to the point where you probably won't have

00:01:01.760 --> 00:01:04.940
to worry too much about it. Possibly the most obvious solution

00:01:04.940 --> 00:01:08.760
is to simply have a camera that doesn't connect to the cloud.

00:01:08.760 --> 00:01:13.660
There are plenty of cameras that can just record footage to a memory card, but if you actually want

00:01:13.660 --> 00:01:17.920
to view your camera feed in real time, you could consider self hosting,

00:01:17.920 --> 00:01:22.680
which typically involves connecting a camera to your network and installing open source software

00:01:22.680 --> 00:01:28.240
onto a computer or a server to control it. But this often involves advanced configuration

00:01:28.240 --> 00:01:32.440
beyond what a typical user who just wants a plug and play solution would go for.

00:01:32.440 --> 00:01:37.040
And just because you do it yourself doesn't mean you're immune from security holes.

00:01:37.040 --> 00:01:41.080
Namely, you need to watch out for devices that ask you to open up a port

00:01:41.080 --> 00:01:46.680
or to enable a feature called UPNP. You can think of ports as a series of doors

00:01:46.680 --> 00:01:52.200
between your network and the outside internet, each with their own number and usually a purpose.

00:01:52.200 --> 00:01:55.280
Normally your home network should have all ports closed

00:01:55.280 --> 00:01:59.580
so that you don't have randos from God knows where connecting to your devices.

00:01:59.580 --> 00:02:04.880
But some services require you to open ports for them to function correctly and UPNP,

00:02:04.880 --> 00:02:09.440
which stands for universal plug and play, can open ports automatically.

00:02:09.440 --> 00:02:15.580
Reputable smart cameras often allow you to connect without opening ports, but if you do have to open one,

00:02:15.580 --> 00:02:19.120
it can be very easy for a bad actor to locate your camera

00:02:19.120 --> 00:02:23.900
and just start watching its video feed. In fact, there's even a special search engine

00:02:23.900 --> 00:02:27.260
called Shodan, no relation to the malevolent AI,

00:02:27.260 --> 00:02:31.980
specifically designed to allow people to find IOT devices such as cameras.

00:02:31.980 --> 00:02:35.620
And if you've opened up the wrong port, you might have just given someone out there

00:02:35.620 --> 00:02:40.540
a free pass into your living room. Hope you laid out some snacks, cause they're hungry.

00:02:40.540 --> 00:02:45.660
Of course, this doesn't mean a solution that involves opening ports is always a terrible idea.

00:02:45.660 --> 00:02:50.460
If you have a good piece of equipment with strong security, including two-factor authentication,

00:02:50.500 --> 00:02:56.100
opening a port may not be that big of a deal. Now, if self-hosting safely seems a bit too complicated,

00:02:56.100 --> 00:03:01.040
but you still want remote access to your cameras, it's likely you'll end up purchasing a camera

00:03:01.040 --> 00:03:04.140
from a big brand that offers a cloud-based app.

00:03:04.140 --> 00:03:08.820
But these can have their own issues. Avoiding security issues with cloud-based products

00:03:08.820 --> 00:03:13.820
starts with choosing a camera manufacturer with a good track record of being privacy focused,

00:03:13.820 --> 00:03:17.060
as some of them have made headlines for the wrong reasons.

00:03:17.060 --> 00:03:22.000
Anchor, for example, caught some serious heat after their Eufy brand of security cameras

00:03:22.000 --> 00:03:26.080
was found to have a pretty big flaw that would allow an attacker to tap

00:03:26.080 --> 00:03:30.600
into a live camera feed fairly easily if they knew the unit's serial number.

00:03:30.600 --> 00:03:33.920
So, theoretically, a bad actor could purchase a camera,

00:03:33.920 --> 00:03:37.000
make note of the serial number, sell it secondhand,

00:03:37.000 --> 00:03:40.960
and then spy on the poor sucker who bought it. Confidence in a company, though,

00:03:40.960 --> 00:03:45.880
isn't just a question of have they been hacked, but also their response.

00:03:45.880 --> 00:03:51.600
Anchor took quite a while to admit their cameras had security issues after the issue came to light.

00:03:51.600 --> 00:03:55.040
And Wise, another IoT company that makes cameras,

00:03:55.040 --> 00:03:59.040
didn't disclose a different vulnerability for around three years from the time

00:03:59.040 --> 00:04:03.200
they were first informed about it. Wise was also criticized for instructing customers

00:04:03.200 --> 00:04:06.440
to open ports in order to get around a software bug

00:04:06.440 --> 00:04:12.680
that caused home routers to block access to the camera feed, which, in turn, caused a security hole.

00:04:12.680 --> 00:04:15.800
So if you wanna feel a bit better about the camera you choose,

00:04:15.800 --> 00:04:21.280
find a company that has dealt with any previous security breaches in a proactive manner.

00:04:21.280 --> 00:04:26.520
But aside from avoiding messing with ports and vendors with spotty security records,

00:04:26.520 --> 00:04:31.240
you should also take common sense precautions. For a camera that depends on cloud services,

00:04:31.240 --> 00:04:37.540
such as those sold by Google's Nest brand, have a strong password and enable two-factor authentication.

00:04:37.540 --> 00:04:41.760
Consider using a camera shutter when you're at home and ensure your home Wi-Fi network

00:04:41.760 --> 00:04:46.240
is protected by a strong password. Of course, there's also something to be said

00:04:46.240 --> 00:04:49.760
for simply pointing your smart camera towards an area of your home

00:04:49.760 --> 00:04:55.160
where you're not going to be walking around without your clothes on, just an idea.

00:04:55.160 --> 00:05:00.200
And seems like it was a great idea for you to click this video because you watched it to the end, wasn't that fun?

00:05:00.200 --> 00:05:04.120
Hey, thanks for watching, like the video if you liked it, dislike it if you disliked it,

00:05:04.120 --> 00:05:07.800
check it out or other videos below, comment the video suggestions in.

00:05:07.800 --> 00:05:10.440
Hey, subscribe and follow.