How to stop your wireless security camera from being hacked
As well as enabling you to remotely keep an eye on your home, indoor surveillance cameras should also protect your security and privacy.
But our product tests and investigations have revealed models that lack even basic protections, and could put you at risk of being hacked.
How wireless security cameras get hacked
There are many different ways that an indoor surveillance camera might be targeted by hackers.
Weak or generic default passwords are one of the most exploitable issues you'll find. Some wireless cameras come with weak usernames, such as ‘admin’, and also easy to guess passwords, such as ‘admin’ (again), ‘888888’ or ‘123456’. Attackers know this, and can scan for cameras that are online to try these weak login details to gain access. You can also use a to help.
Password security is also an issue if the camera sends unencrypted data. Even if you change the camera’s password, some cameras will send it, unencrypted, over the internet. This means that when you enter your password, an attacker could steal it and use it to access your camera. Some cameras even transmit your wi-fi password, too, putting your home internet at risk.
With some cameras, an attacker can take complete control over the device – known as full camera takeover. This involves gaining what’s known as ‘root’ access to the camera; a bit like having the keys to the front door of a house. They can then tamper with virtually any aspect of the camera and even load it up with malware.
What happens if my camera gets hacked?
Unless the camera starts moving without you doing anything, or a voice sounds from the built-in microphone, you might not actually know that your camera has been hacked.
However, the impact of a hacking attack can be devastating; from intrusion to your privacy to potential compromise of other connected devices you have at home.
Smart home spying
Dodgy cameras can be easily hacked from anywhere in the world. A hacker could be in a bedroom in America and watching your home on their laptop. The attacker might be able to pinpoint your exact location using the camera, and if it has a microphone, they could even be able to talk to you through the device.
Home network exploitation
If your wireless camera lacks basic security and it’s connected to your home network, it could put other devices, such as laptops or smartphones, at risk. In this scenario it becomes like a ‘fox in the hen house’, able to mount local attacks and possibly even steal your personal data.
A botnet is a vast army of compromised devices that are harnessed by cyber-criminals to mount large-scale online attacks. Wireless cameras with weak security are prime targets for this as they can be easily loaded up with malware. This might not have a direct impact on you, but can contribute to wider cyber-crime.
How to keep your wireless camera safe
While some wireless cameras have inherent security issues that are difficult or impossible to fix, in most cases there are things you can do to help secure your wireless camera in the home.
Change the password
As covered above, many wireless cameras have weak default passwords that are easy to guess. Set a secure password connecting three random words that you’ll be able to remember.
Install all software updates
These provide vital new protections against security threats. Check the camera’s settings to see if you can set it to run updates automatically so you don’t have to remember to do it. Also, always run updates on the camera app in your smartphone.
Set up two-factor authentication (2FA)
If your camera offers it, this extra layer of security can stop hackers dead in their tracks. 2FA allows you to request a passcode when you log into your account, in addition to your username and password. The passcode can be sent to your phone, so only you will see it and be able to gain access.
If in doubt, turn it off
If you’re worried about someone snooping in on your home through your camera, deactivate it by unplugging the power. We have Best Buy cameras that have been checked for effective security protections and are available from £60.
Delete your data
If you want to sell your wireless camera, check the settings or the manual (if you still have it) for instructions on how to restore it to factory settings. After you complete that process, you can delete the app from your phone.
How to shop safely for a wireless camera
Despite being a relatively novel addition to the home, wireless cameras are gaining in popularity, in part down to falling prices.
You'll find a range of well-known brands, such as Hive, TP-Link, Swann, the Google-owned Nest and Amazon's Ring on sale at major retailers such as Currys and John Lewis.
However, if you're shopping online, you may notice a huge number brands you may not have heard of, particularly on online marketplaces such as Amazon, eBay and Wish.com.
This huge influx of smaller brands at cheap prices has made the buying decision more difficult, and our investigations have revealed that it's important to be wary.
For this reason it's important to shop carefully – cheap isn't always cheerful in this market.
Wireless camera from unknown brands may have hundreds, maybe thousands of positive reviews, but make sure you read the negative ones, too. They may alert you to worrying issues with the product, including potentially even hacking risks.
Check the brand
If the company that's selling the camera doesn't have a website or any contact details beyond a generic email address, be cautious. If you can't find the brand online at all, it's best to avoid it and go for a more established brand.
Get in touch
If something goes wrong with the camera or you have questions or concerns, do you know where to turn for support? Email or call the manufacturer with a pre-sales enquiry to see how easy it is to get in touch.
Be careful what you reveal
If you do buy the camera and decide to review it, be wary of posting images of the camera or the app as this might reveal information that's valuable to hackers, such as the camera's ID or even password.
How we test wireless camera security
Which? members can access the results of our full wireless cameras tests, in which we carefully scrutinise security, along with other factors like performance and ease of use. Only those with the highest standards can become Best Buys, and any models that pose a critical risk are named Don’t Buys.
We test for a range of security and privacy-related issues, including:
- Password security: We check whether the device uses a weak default password, and if you are encouraged to change it, whether you have to choose a secure password (as covered above).
- Data encryption: We analyse what data the camera is sending and receiving to ensure that no important data, such as the camera password, is being sent without proper encryption.
- Decommissioning: At the end of our testing, we reset the product to factory settings and delete the app. We then try to set up the product again to see if any of your data has been retained, which would be a risk if you wanted to sell the camera.
If we find any significant vulnerabilities with wireless cameras, we contact the manufacturer to disclose our findings and get them to fix the issue. If they don’t, then we will advise you not to buy the camera.