Alarming Test Results Regarding Cameras, and What We Can Learn from Them

 Originally published on October 17, 2018 by Patrick Gebhardt
Last updated on March 03, 2022 • 3 minute read

Many of us get this queasy feeling when we see the small surveillance cameras in a smart home (these devices that super-cautious homeowners install not only outside, but as private CCTVs within their own four walls). And as it turns out, not without reason.

The German test service Warentest has found that unprotected IoT cameras are one of the major problems in IT security and yet are more widespread than we would like. In a comparison of 16 indoor and outdoor IP surveillance cameras, the testers found only one well-protected device. Of the other 15 cameras, 10 were rated “satisfying”, 2 as “sufficient” and 3 as “poorly” on the subject of security. The testers also rated the integration of the smartphone apps for controlling the cameras in ten cameras as critical to very critical. Some of the tested devices failed because they used trivial access data, such as "admin" as username or password. In addition they left unnecessary ports open. Also critical: Some apps did not ask users to change their access data when they registered. And with one camera, the testers were bothered by the fact that it transmitted the logon data unencrypted. All in all, there are weaknesses at almost all relevant spots, which in turn reinforces the demand that IoT equipment should generally become safer.

IoT Devices Need More Focus on Security

However, the devices did not only differ considerably in terms of safety, but also in terms of comfort. This concerns, for example, the type of data storage. And only 2 of the tested cameras could be used without any cables.

A few years ago, the world learnt the potential of IoT botnets when thousands of smart devices operating under the control of criminals paralyzed several major Internet services. Cameras were also affected to a large extent. With thousands of hacked cameras, criminals are able to heavily support DDoS attacks and order them to infect neighboring devices on the same network. However, it is important to note that the question of the hazard level of smart home cameras depends largely on the router settings used. If poorly secured IP cameras can be found openly on the Internet, they can easily be integrated into a botnet.

If you are interested in IoT security, we have another article about it - and of course we would appreciate your comments!