Home surveillance systems are more popular than ever, thanks to much lower cost of entry and technology that’s now easier for the average consumer to use. But those fancy IP security cameras could actually be making your home much less safe than it was without them, according to new research from the Queen Mary University of London.
The research, which was published as part of the IEEE’s International Conference on Computer Communications, posits that an attacker could infer information about your schedule and whether or not you’re home — without even reviewing any video footage. All an attacker would have to do is keep track of the data flow on your home network to figure out the best time to hop in and steal some valuable items.
The global market for home security cameras is set to only continue growing, as home internet connections and the cameras themselves keep improving. With this research in mind, it will be up to industry giants and policymakers to ensure those cameras are actually protecting homes rather than making them more vulnerable. The researchers have thankfully provided some guidance on how we might make that a reality.
Some revealing traffic — All video traffic eats up massive amounts of data, and home security camera footage is no exception. But all video traffic is not the same: the amount of data transferred when nothing’s happening on-stream is very different from the amount transferred when kids are running around the living room, for example.
Thanks to these data transfer discrepancies, researchers found, all it would take is a simple network traffic tool to detect whether or not the house is empty, no video access required. Minute changes in traffic can even distinguish between different types of motion captured by the camera, such as the difference between someone sitting on the couch watching TV and a person walking to the fridge for a snack.
Time for new tactics — Home security cameras often use high-level encryption to keep video streams safe from prying eyes. But even the most secure stream sends its data over your home network, which means your movements can be inferred by anyone who’s cracked into your home network. Researchers have suggested a few methods by which to bypass this problem entirely.
The first would be for a moving object to be placed in front of the camera to generate network noise even when no one’s around. This method relies heavily on the user, though, and the moving object might just provide a new baseline for the network.
A more realistic method suggested by the researchers would be for the security camera itself to generate random streams, thereby making it very difficult to infer movement in the home by looking at network traffic. This could be implemented by the camera company itself and would effectively eliminate the vulnerability without changing anything for the user’s experience.
This research is irrefutable evidence that the very mechanisms that allow home security systems to run can also be their most-overlooked vulnerability. Now it’s up to camera-makers to take heed of this information and protect users accordingly.