FULTON, Md. - New research from a Maryland technology company has uncovered security flaws in home security cameras that could allow hackers to watch you or even manipulate the cameras to steal from you.
FOX 5 linked up with those researchers from ReFirm Labs in Howard County and they demonstrated what they found.
Using a security camera trained on a truck, an employee showed how it was possible to hack into the camera system.
“We will take over the camera, and what we plan to do here is freeze the image and then make you, as the user, think that what you are seeing is real when, in fact, it’s not,” explained ReFirm CEO Terry Dunlap.
The hack showed that a person checking their security camera online would see the frozen image of the parked truck, even as someone was driving the truck away.
Dunlap, who used to work for the National Security Agency, also showed FOX 5 a public website where live security camera footage from around the world is visible. Dunlap said most likely the users did not put in a password for their system.
“If you had knowledge, you could do what we did to the camera in the parking lot,” Dunlap said.
The research done by ReFirm also looked at routers and found similar vulnerabilities that could let hackers see even more.
“Anything you do on your network at home – checking your banking account, doing financial transactions, anything that you would consider private would be in the hands of criminals,” Dunlap said. “So it could lead to stealing an identity, financial transactions you didn’t plan on implementing. So it’s just bad all around because they would actually have access to everything that is on your own network.”
He says the best advice to protect yourself is to regularly check the website of the manufacturer of your camera or router for firmware updates.
“Because companies like us or other independent researchers will find vulnerabilities and report them to the manufacturer, and then the manufacturers usually develop security patches to plug these holes that are found and issue new updates,” Dunlap said.
The cameras and routers tested were made by TRENDnet, Belkin and Dahua. The companies were made aware of the findings before they were made public this week.
All three companies tell FOX 5 they are taking measures to address the research.
A Belkin statement reads in part:
“We provided firmware this past June, shortly after we were made aware of the findings. We also provided additional firmware updates to all the vulnerabilities mentioned in the report on Oct. 24. All three vulnerabilities have been addressed and we recommend that Belkin customers update their routers to this latest firmware.”
A TRENDnet statement says in part:
“The IP camera reported is a new product with less than 100 units currently sold. Until we can confirm the vulnerabilities, we have stopped shipment and recalled the remaining products out in the market. TRENDnet continues to take consumer privacy and security very seriously.”
A Dahua statement says in part:
“In the past 24 hours, our engineering team screened all actively shipping product against this vulnerability and found none of them were affected. We are continuing with the screening on earlier models. We have released a security notice to alert customers of this risk.”
Dahua, based in China, did not respond to findings by ReFirm that the “backdoor” that allows outside access appears to be intentionally part of the technology.