Exposing the privacy risks of home security cameras
An international study has used data from a major provider of home IP security cameras to evaluate potential privacy risks for users.
IP home security cameras are Internet-connected security cameras that can be installed in people’s homes and remotely monitored via the web. These cameras are growing in popularity and the global market is expected to reach $1.3 billion by 2023.
For the study, researchers from the Chinese Academy of Science and Queen Mary University of London tested if an attacker could infer privacy-compromising information about a camera’s owner from simply tracking the uploaded data passively without inspecting any of the video content itself.
Camera traffic can be monitored
The findings, published at the IEEE International Conference on Computer Communications, showed that the traffic generated by the cameras could be monitored by attackers and used to predict when a house is occupied or not.
The researchers even found that future activity in the house could be predicted based on past traffic generated by the camera, which could leave users more at risk of burglary by discovering when the house it unoccupied.
They confirmed that attackers could detect when the camera was uploading motion, and even distinguish between certain types of motion, such as sitting or running. This was done without inspecting the video content itself but, instead, by looking at the rate at which cameras uploaded data via the Internet.
“Once considered a luxury item, these cameras are now commonplace in homes worldwide. As they become more ubiquitous, it is important to continue to study their activities and potential privacy risks. Whilst numerous studies have looked at online video streaming, such as YouTube and Netflix, to the best of our knowledge, this is the first study which looks in detail at video streaming traffic generated by these cameras and quantifies the risks associated with them. By understanding these risks, we can now look to propose way to minimise the risks and protect user privacy,” said Dr Gareth Tyson, Senior Lecturer at Queen Mary University of London.