Someone could be watching: Tips for securing web-connected cameras
November 2022
Web-connected cameras are increasingly popular as tools to keep an eye on the front door or to check the baby in the nursery, but they also come with risks to your privacy.
It is surprisingly easy for people to tap into web-connected cameras. There are even websites showing unedited streams from unsecured web cameras from around the world. While many of these cameras show outdoor or public spaces, others broadcast from inside people’s homes or other private areas.
Internet-connected devices with a camera – baby monitors, laptop cameras, home security systems – can be easily hijacked to allow random strangers to watch intimate moments. They can also give away key details about your location and movements to bad actors on the lookout for that kind of information.
Fortunately, taking simple steps like changing the default password can drastically reduce the risk that someone can use your camera to spy on you.
Here are some tips to keep your web cameras from being live-streamed.
Do your research!
Before you purchase a smart device or download a companion app, learn about what personal information is collected and the privacy controls offered. If you are not comfortable with how a product or service handles personal information, do not use it.
Be wary of companies offering products and services with no privacy protection information, or incomplete information. This should raise a red flag.
Enter the camera make and model into your favourite search engine and see if there are any security related posts available about it. So-called White Hat security testers often post about cameras that are vulnerable to attack.
Ensure that there is a way to update the firmware on the camera by reviewing the operating instructions prior to use. You can normally download the user manual online prior to purchase to review its safety sections.
Do not use the default password
One of the principal ways bad actors can gain access to your internet-connected cameras is through the manufacturer’s default passwords, which are easily found online. You can greatly mitigate risks of bad actor access by following these simple steps:
- Change the default password
- Use a secure password, with two-step authentication if possible
- Do not use the same passwords across devices
- Verify that the password is changed instead of a new account being created with the old password still active. After changing the admin password, attempt to login using the old password. You should not be able to do so.
See our advice on creating and managing your passwords for more information.
Secure your router
Change the password on your router – hackers can use weak router passwords to gain access to all of your devices.
Try setting up a guest network for Internet of Things devices, especially if you cannot set a new password for a particular device. You will at least be protecting your computers and smartphones. See our information on securing your network in our advice on smart devices and your privacy.
Cover your cameras
You can use a sticky note or a commercially available camera cover on your laptops and tablets when you are not using those cameras.
Make sure the device is set up to let you know when information is being collected – like a light to let you know the camera is on.
Disable camera and microphone
When they are not in use, disable the camera and microphone.
Some other basic tips for protection
- Do not take your web-connected camera into especially sensitive areas such as bedrooms or bathrooms
- Be camera-aware – know whether it is on and where it is pointing
- Be mindful about the access that children may have to the camera to ensure they do not inadvertently turn the camera and microphone on by themselves
- Make sure outdoor security cameras do not give away information like street number or licence plate
- Only activate the functions you need or want, and favour devices that clearly indicate when information is being collected
- Do not click on suspicious links, which can download viruses and let hackers into your system
- Date modified: