Experts: smart home system security equates to gross negligence
Another day, another smart home camera system security hack, this one affecting Seattle-based company Wyze. First reported by cybersecurity firm Twelve Security and confirmed by Wyze, the hack reportedly affected 2.4 million customers who had their email addresses, the emails of anyone they shared access with. on camera, a list of their cameras, the last time they were on, and a lot more information on display. Some customers have even had their health data leaked.
âPersonally, during my 10 years of [system administration] and cloud engineering, I’ve never encountered a flaw of this magnitude, âDan Ehrlich, founder of Twelve Security, wrote in an article about the Wyze hack.
Wyze is a more budget-friendly Ring-like home camera system from Amazon: While the cheapest Ring indoor camera will set you back around $ 60 (and their doorbell flagships start at $ 100), products from Wyze cap at $ 30. Both companies have now experienced at least one type of major breach – either a hack or a leak – that should raise eyebrows for anyone considering purchasing this type of home security.
Dr Richard Forno, deputy director of the Center for Cybersecurity at the University of Maryland, Baltimore County, told Digital Trends that these security systems leave a lot to be desired in terms of securing, let alone their customers. âYou must be wondering if product companies take basic Cyber ââ101-type security measures to ensure their customer and priority data is protected? You have to at least do the basics, âForno told DT. âThe fact that we’re seeing so many data breaches these days shows that businesses aren’t doing the basics, let alone doing their best, to minimize breaches. “
Ehrlich told Digital Trends that the lack of security on smart home camera systems, for him, amounts to gross negligence. âI know what bad security looks like,â Ehrlich said. âWhen I see bad security you can usually see why, for example, they took down a firewall, but I’ve never seen it so bad. Equifax should be considered the gold standard against these guys, âhe said, referring to the 2017 security breach from credit reporting firm Equifax which exposed data from 147 million people.
Ehrlich said he was convinced the industry would work out eventually, but at the moment there simply isn’t enough manpower to fix what should be fixed to secure the systems of smart home. âThere just aren’t the people to fix it. There is no talent pipeline to address it, âhe said. “There aren’t the people to secure all things and watch all that needs to be looked at.”
âThe winning shot right now is not playing,â Forno told Digital Trends, talking about what consumers should do to better protect themselves from the almost inevitable camera hack. âDon’t buy one. “
If a consumer is determined to purchase one of these systems, Ehrlich says, “be aware that it is technically possible at this time for all video taken to be exfiltrated to anyone in the world, anywhere.” This is the case with Wyze and many other brands.
Forno cautioned that these cameras aren’t much different from a computer, tablet, or phone, and it’s just a fact that some companies take privacy more seriously than others. âPrivacy on these devices is really lacking and there isn’t much to do except unplug,â he said.
If you buy one, Forno said to make sure everyone in the house knows where it is and when it is turned on. Also make sure to unplug it completely when you don’t need it. “Nothing really beats turning it off and physically unplugging it,” he said. “A minimum of common sense on the part of the user will go a long way.”
Wyze did not immediately respond to a request for comment. This story will be updated when we have a response.