Is the home camera really safe?

How to judge a home camera is safe?

In the last two years, there may be no one to pay attention to this topic. But with the recent arrival of home camera products, as well as CCTV 3,151 times "camera is black" large-scale exposure, it began to have a hot user discussions. We usually think that the computer and the camera on the phone will be very safe, but in fact, this is often a variety of leaked user privacy "xx door", the recent "crazy" incident is a bad application recording user privacy video and then uploaded to Youku is publicly circulated.

Home camera closer to life, it 24 hours to monitor the state of the home, if the black harm than mobile phone computer larger. How to judge the security of this camera? Or, how can you tell if the security protection provided by camera vendors is complete?

In general, the security of the home camera has two dimensions, one is the system/firmware security, the other is the use of security. System security refers to the camera inside the system can be breached, its general has unix/linux/rtos, the content is more obscure, and first skipped put in the next article. Daily use of security is more pan, including the camera on the SD card was taken away, cloud services to break the top video how to get, ID stolen how to break (the professional version of the said hardware physical security, cloud storage and transit security, app security) and so on. Let's take a look at how the industry routinely determines how safe it is to be used.

Encryption！ Encryption！ And then encrypt!

The most worrying aspect of the camera is the content leak, so it needs more encryption to prevent it. This includes HTTPS encryption during transmission, encryption algorithm encryption, SD card storage encryption, server content encryption. At present, domestic manufacturers in this regard little publicity, most of a "financial security" word. A few one or two intentions will take the initiative to say: "We have used the whole HTTPS encryption." "HTTPS encryption guarantees that video content will not be sniffed by hackers during transmission.

In fact, because the camera is rarely advertised in the public domain, many manufacturers are not concerned about security in this area, the use of plaintext transmission is everywhere, so it is particularly important to actively publicize their security practices.

Outline Settings password

In addition to preventing the content in the transmission process is leaked, but also need to ensure that the user account is stolen after the security monitoring, this should be from the grading password.

Simply put, a level two password verification is required to view the video. When your account is stolen, other people login is no use, the other party can only see you bind this camera, look at the camera monitoring content needs this password to verify. Of course, this password is normally used, not every time need to verify, it will bind the device, only on the new device login account will need to enter.

The hierarchical password is a very important protection mechanism for the client, but only one or two of them have made this setting at home. In other words, most cameras run completely naked after the account is stolen.

More

The above is only the most important two points, in fact, there are many security mechanisms. For example, users who do not like the cloud can try point-to-point straight camera, which can avoid cloud leakage, users who are particularly cautious about security can set up graphics locks in the application, and account-bound mobile phones, can better protect account security.

Home camera as a visual hardware, is considered the eyes of the future smart home, its security is related to the user's personal security. Therefore, the efforts of manufacturers to spend on this is particularly important. In the next issue, we want to discuss the security of the camera's system/firmware, which is the most common attack by hackers, detects a camera through a network port scanner, and then enters the camera with a weak password or vulnerability, and then ...

This part of the opinion interview from ZTE Home network operations director Tianbo