For many years we have assessed the security vulnerabilities of security systems and in more recent years with the demand for home based video surveillance, we have been concerned about cyber security. We present the technical facts based on our research at the time and our professional opinions with regard to system options nestled within each client’s security risk context. We respect the procurement decisions that our clients make.
We understand that with the high quality image, the relative ease of personal control of systems (by the owner) and the low cost, as well as influential recommendations (from the salesperson and sometimes their friends who have home based video surveillance systems), why decisions for certain systems are made.
Security systems should provide a qualified sense of personal safety in the home situation. There are good reasons why home based video surveillance systems should be considered. However, systems should not ‘silently’ contribute to the security vulnerability of the householders or in some cases the organisations that employ them should they work at home.
New research on ‘Home Security Cameras’ by researchers from the Queen Mary University of London and the Chinese Academy of Science assessed potential privacy risks by using data from a major Internet Protocol (IP) security camera provider.
The research findings were published at the IEEE International Conference on Computer Communications (July 2020). In essence, the research identified that cameras could be monitored by attackers and used to predict when a house is occupied or not. The report confirmed ‘attackers could detect when the camera was uploading motion, and even distinguish between certain types of motion, such as sitting or running. This was done without inspecting the video content itself but, looking at the rate at which cameras uploaded via the Internet’.
Although there are threat actors and cyber vulnerabilities that should be a concern to the ‘average’ system owner, these findings may not be remotely important. However, there will be some people, some organisations and some supply chains that should read the report in detail, seek professional advice and if need be, place the findings in their respective security risk and threat framework.
There are people that have professional and private information at home that if stolen could be seriously detrimental with compound consequences. If burglary or privacy are concerns, then an objective review should take place.
Products and associated vulnerabilities change. Vigilance in vital.
Organisations that have sensitive information in the custody of personnel at home, should properly assess and develop their risk assessment processes. It important to ensure your advisors are qualified and bias-free.
Further information contact: Geoff Harris 0419 462 798, firstname.lastname@example.org
Note: The above discussion is of general nature only and intended to stimulate and focus conversation on security and related risk management. It lacks context. We do not provide endorsement or assessment on information or research provided by others that may be referenced in this article or provided by those references. The above discussion is not comprehensive and does not provide expert legal comment or advice. The discussion does not provide professional advice from us. Seek expert analysis and advice relevant to your specific context from trusted advisers.
© Harris Security Management, Sydney 2020 www.harris.com.au