A new study has revealed that some features of wireless home security cameras could easily compromise the user’s safety. The research shows that it is possible to learn compromising details of a homeowner’s activity without even accessing the video footage itself.
Internet Protocol (IP) cameras are installed and connected to the internet for remote viewing. These wireless security cameras are growing in popularity, with the global market expected to reach $1.3 billion over the next couple of years.
An international team of researchers set out to investigate the potential privacy risks of a major brand of wireless security cameras.
The experts analyzed whether an attacker could obtain private information about the activity and whereabouts of a camera’s owner by passively tracking the uploaded data without any of the actual video content.
“Once considered a luxury item, these cameras are now commonplace in homes worldwide. As they become more ubiquitous, it is important to continue to study their activities and potential privacy risks,” said study co-author Dr. Gareth Tyson from Queen Mary University of London.
The analysis showed that the traffic generated by the cameras could be monitored and used to predict when a house is unoccupied.
The researchers also determined that future activity within the monitored home could be predicted based on past traffic data, leaving users at a higher than of break-ins and burglaries.
The experts confirmed that attackers could detect when the camera was uploading motion, and could even distinguish between certain types of motion, such as walking or sitting. This information was implied through the rate at which data was uploaded by the cameras to the internet, rather than through the video footage itself.
“Whilst numerous studies have looked at online video streaming, such as YouTube and Netflix, to the best of our knowledge, this is the first study which looks in detail at video streaming traffic generated by these cameras and quantifies the risks associated with them,” said Dr. Tyson. “By understanding these risks, we can now look to propose way to minimize the risks and protect user privacy.”
The findings were presented at the IEEE International Conference on Computer Communications (InfoComm 2020).