TIME Security

Why You Shouldn’t Trust Cheap Webcams

Using them could be a big risk

As web-connected gadgets have become more popular, their prices have dropped accordingly. That comes as a surprise to no one who’s ever purchased the latest and greatest gear only to spot a better deal just a few months later.

But with web security cameras, the cheaper price tags aren’t necessarily about good products getting less expensive over time. It’s really about the rise of cheap webcams flooding the market. With these devices, however, it’s buyer beware. That’s because low-cost security cameras can sometimes be a window letting hackers into your home.

“Cheap webcams are mostly from untrusted sources, without any protection or very limited protection,” says Steven Chen, CEO of PFP Cybersecurity, a company that provides early warning security services for all sorts of Internet-connected devices and services companies. That’s a big business that’s only getting bigger. According to Gartner, the Internet of Things — a collection of everything from Internet-connected cars to webcams — included nearly 5 billion gadgets last year. Cisco says it could amass some 50 billion devices by 2020.

Along the way, a great many of those products will have poor software and lax security. “Users, even vendors, have no control of what firmware are loaded in these webcams,” says Chen.

Never mind high-definition resolution and motion detection capabilities. Firmware is one of the most important things to consider when you buy a camera, whether it’s for keeping tabs on your baby or watching for burglars. That’s because firmware updates keep Internet-connected devices secure against hackers’ ever-evolving attacks. Without these updates, security holes get easier to find and harder to plug. Meanwhile, users’ personal data becomes easier to scavenge. But firmware isn’t a feature that looks flashy on the side of a box, so few people think about it when buying a security camera.

How bad is the cheap webcam problem? Shodan, a search engine that scours the Internet of Things, is cataloging all sorts of images from unsecured devices that’s probably best left private, like footage of sleeping babies. That revelation led to some labeling Shodan the villain — but the real problem remains the unsecured cameras feeding the site’s voyeuristic search results. (Shodan has less upsetting uses as well, often helping uncover uncover incredible online data breaches, for instance.)

But if a search engine can grab images from unsecured gadgets, it’s not hard to imagine what a seasoned hacker could do. Everything from controlling your camera to infiltrating your computer is on the table.

So how should you prevent that from happening? First, always change your gadgets’ passwords from their default settings. “Some Internet of Things devices come with a factory default password that may be just four digits in length or a common password like ‘password’ or ‘admin,’” says Darren Guccione, CEO of Keeper Security. “These default passwords are easy for cybercriminals to hack.”

Once hacked, connected gadgets can reveal their IP address, which is like a GPS coordinate for locating the user’s router. That’s the heart and soul of a home’s Internet connection. And if users haven’t changed their camera passwords, they’re also likely to have left their router’s login credentials untouched, too. Guccione’s recommendation is to make all of your gadgets’ passwords strong. “If your IoT device requires a password, make sure that it is at least eight characters in length and utilizes a combination of uppercase and lowercase letters, numerals and symbols,” he says.

Read more: This is the most advanced Nest thermostat yet

Guccione also recommends setting up routers using WPA2 encryption, which makes it harder for hackers to intercept any transmitted data. In fact, most routers have an option to set up multiple Wi-Fi networks. Guccione suggests setting up separate networks for your different devices. That silos your networks, making it harder for a hacker to gain access to all your devices if he or she finds a weak link.

But most importantly, when buying these less expensive smart devices, remember the adage “you get what you pay for.” If a deal seems too good to be true, it probably is — opt instead for gear from established companies, like the Google-owned Nest or Canary. Because with cheap gadgets comes the potential for very expensive problems.

Tap to read full story

Your browser is out of date. Please update your browser at http://update.microsoft.com


Dear TIME Reader,

As a regular visitor to TIME.com, we are sure you enjoy all the great journalism created by our editors and reporters. Great journalism has great value, and it costs money to make it. One of the main ways we cover our costs is through advertising.

The use of software that blocks ads limits our ability to provide you with the journalism you enjoy. Consider turning your Ad Blocker off so that we can continue to provide the world class journalism you have become accustomed to.

The TIME Team