The large breach which affected security camera manufacturer Wyze left the data of millions of users potentially exposed on the internet.

This is just one example of threats to home security systems. Read on to find out what happened and to learn how to secure your system.

What Happened in the Wyze Breach?

Wyze breach - what happened

Right at the end of 2019, security firm Twelve Security revealed in a blog post that they had uncovered a massive data breach of home security camera manufacturer Wyze. The data of up to 2.4 million users had been left on a publicly accessible database, affecting anyone who created a Wyze account before December 26th 2019.

The data leak was confirmed by Wyze, who said they would launch an investigation into what happened and warn affected customers in an email. It appears that a Wyze employee copied a database of user information to try out a new database format, but failed to secure the database correctly. The database was left open on the internet for several weeks. During this time, anyone with sufficient knowledge could access customer data.

What Data Was Stolen?

Data breaches happen to many companies. What was scary about the Wyze leak was just how much personal data was mishandled. According to Twelve Security, the leaked data included the following information:

  • Username and email of those who purchased cameras and then connected them to their home.
  • Email of anyone the user ever shared camera access with such as a family member.
  • List of all cameras in the home, the nicknames for each camera, device model, and firmware.
  • Wi-Fi SSID, internal subnet layout, last on time for cameras, last login time from app, last logout time from the app.
  • API tokens for access to the user account from any iOS or Android device.
  • Alexa tokens for 24,000 users who have connected Alexa devices to their Wyze camera.
  • Height, weight, gender, bone density, bone mass, daily protein intake, and other health information for a subset of users.

In its response, Wyze said it does not collect information about bone density or protein intake. But it did not deny the rest of the information had been leaked.

How Home Security Systems Can Be a Security Risk

Is facial recognition legal - India
Image Credit: blasbike/DepositPhotos

It's ironic that something you buy in order to keep your home secure can itself be a security risk. But like all IoT (Internet of Things) devices, security cameras for the home cause potential security issues.

The more data you give to a system, the more of a problem it can cause when a breach occurs. As security systems will often include highly personal data such as video feeds of you and your family going about your day, you want to be extra careful with these devices.

It's not only data breaches that you need to worry about. Security devices themselves can be hacked too. For example, in December 2019 it was revealed that hackers managed to breach Ring security cameras. Hackers were even able to send unpleasant and threatening messages through the cameras.

Finally, like other IoT devices, home security cameras are vulnerable to hacking as people often forget to change their default passwords. This makes them very easy to access.

How to Protect Your Home Security System

Wyze breach - protect your home security sytem

So what should you do if you have a home security system and you want to keep it secure? There are a few simple steps you can take to reduce the likelihood of your system becoming a security risk.

1. Enable Two-Factor Authentication

Whether it is from Wyze or another manufacturer, your security system likely has login information. This is the username and password that you use to log in to apps and websites. Make sure you use a strong password for this, and definitely don't reuse an old password. To improve the general security of your account, you should enable two-factor authentication where possible. This will make it harder for anyone to access your account without your knowledge.

However, do be aware that there are risks and downsides to two-factor authentication. In the case of the Wyze hack, even customers who had strong passwords and two-factor authentication enabled weren't protected, as the company was careless with their data.

2. Consider the Reputation of the Manufacturer

When you choose a home security system, you might look at factors like ease of installation, features of the cameras, the quality of the smartphone app, and price. But you shouldn't forget that you are entrusting your security to the company who manufactures the device and collects the data.

Take some time to look into different device manufacturers and to check their data policies. What kind of data will they collect? Will they sell that data to third parties? Do they have a history of security breaches?

If you have doubts about trusting a company with highly personal data, you could consider building your own security system instead. That way, you can remain in control of all your data yourself.

3. Check Whether Live Feeds Are Enabled

Many home security cameras will only activate and start recording at preset times, or when you enable them, for example when you're going on vacation. But some cameras also have a live feed option. This is where the camera will record everything it sees and may save this video or send it to the cloud. This can be useful, for example if you're at work and you want to see what's happening at your house in real time.

However, you might not like the idea of a camera observing you while you're relaxing at home. So always check whether live feeds are enabled, as some cameras come with this option enabled by default. Also, don't forget to check this setting after you update your software or reconfigure your cameras.

4. Add a Password to Your Router

When considering security threats on your home network, it's easy to overlook the main hub of your network, the router. A report by security company ESET from 2019 found that 57 percent of surveyed US users either hadn't changed their router's default password or didn't know if it had been changed.

You should absolutely enable password protection on your router and change it from the default option to keep your home network secure. Even if devices like security cameras have good security, they are still vulnerable through your router if you haven't changed the password.

5. Add a VPN to Your Router

One problem with trying to secure IoT devices is that they often don't support VPN use. Adding a VPN to your computer or phone is one of the best ways to improve your security, but it's not always possible to do this with devices like security cameras.

There is a way to add VPN protection to your entire network though, including not only any computers or phones connected to your Wi-Fi but also including other devices like cameras, games consoles, or smart TVs---set up a VPN on your router. Not all routers support this. But if yours does, you can use it to secure every device on your network including your security system.

6. Keep Your Firmware up to Date

Finally, it's important for all your devices to keep your firmware up to date. This is especially important for security devices. When manufacturers discover security vulnerabilities, they will update the software to protect against them. So if your devices aren't up to date, they are vulnerable.

Make a point to check the manufacturer's website to see when software updates are available. And set up automatic updates if you can so your devices will be updated as soon as possible.

DIY Your Own Security System

Although companies design home security systems to keep you safe, they can in fact cause security problems of their own. Make sure you research and trust the manufacturer of cameras before you buy them. And don't forget to take steps like changing the password and securing your home network.

If you want to mitigate some of these risks, you could try creating your own security camera system using Linux software.