Home Security Camera Sends Video To Wrong User (bbc.com) 91
An anonymous reader quotes a report from the BBC: A leading security camera-maker has sent footage from inside a family's home to the wrong person's app. Swann Security has blamed a factory error for the data breach -- which was brought to its attention by the BBC -- and said it was a "one-off" incident. The BBC first learned of the problem on Saturday, when a member of its staff began receiving motion-triggered video clips from an unknown family's kitchen. Until that point, Louisa Lewis had only received footage from her own Swann security camera, which she had been using since December. The development coincided with Ms Lewis's camera running out of battery power and requiring a recharge. A Swann spokeswoman said that "human error" had caused two cameras to be manufactured that shared the same "bank-grade security key -- which secures all communications with its owner." "This occurred after the [family] connected the duplicate camera to their network and ignored the warning prompt that notified: 'Camera is already paired to an account' and left the camera running," she added.
Cryptic Message (Score:1)
How is an ordinary user supposed to know the meaning or significance of that geekish warning message?
Misleading quotation (Score:5, Informative)
"We are regretful that this was not addressed immediately and adequately by our support team, when discovered. We have addressed this and made some internal changes."
They do however have a previous incident where the exact same thing happened, and in that case they apparently suggested it was because two completely unrelated users used the same user and password (which wasn't true).
Re: (Score:2)
The quotation in the summary and even a bit in the article are very misleading. The company seems to take full responsibility for the issue and are not passing blame. The line right after that quote is:
"We are regretful that this was not addressed immediately and adequately by our support team, when discovered. We have addressed this and made some internal changes."
They do however have a previous incident where the exact same thing happened, and in that case they apparently suggested it was because two completely unrelated users used the same user and password (which wasn't true).
So in other words, they are incompetent and there is about zero reason for me to trust them with access to a camera in my house.
Re: (Score:2)
The quotation in the summary and even a bit in the article are very misleading. The company seems to take full responsibility for the issue and are not passing blame. The line right after that quote is:
"We are regretful that this was not addressed immediately and adequately by our support team, when discovered. We have addressed this and made some internal changes."
They do however have a previous incident where the exact same thing happened, and in that case they apparently suggested it was because two completely unrelated users used the same user and password (which wasn't true).
So in other words, they are incompetent and there is about zero reason for me to trust them with access to a camera in my house.
My guess would be that 1 of the devices was the last of a production run, and the other was the first of the next run. A human error could cause them to have the same unique identifier. A minor mistake.
It could be as you say, but regardless, I don't see a reason anybody who isn't doing porn would want a networked camera inside their house. If it is for home security, then outside cameras would be sufficient for identifying someone breaking and entering.
Re: (Score:2)
I guess you've never heard of a nannycam or latchkey kids.
a "one-off" incident (Score:2)
a "one-off" incident
I was really imagining this was weasel-speak for an "off-by-one" error, and everyone was getting the feed from the customer's account with the ID one lower than theirs.
My guess would be that 1 of the devices was the last of a production run, and the other was the first of the next run.
Your theory is way more likely... and less interesting. =)
Bank-grade security key? (Score:3)
Yeah, right.
Re: (Score:1)
I'd believe they use bank grade security keys. Of course that's more a statement of lack of faith in banks rather than my faith in their product.
Re: (Score:3)
Re:Bank-grade security key? (Score:4, Insightful)
It's like the phrase "highly classified" - it means nothing. In the US something can be classified as confidential, secret or top-secret. There is no category "highly." So what is bank-grade? I mean, we're talking key size here, so just give us a number. And obviously the implementation is broken if human error can put the same key on different devices.
Is that like the "military-grade aluminum" Ford has been advertising as making their trucks out of now? Does that mean they were made out of recycled beer and coke cans picked up in military bases from Bagram to Bragg?
Mil-spec (Score:3)
Is that like the "military-grade aluminum" Ford has been advertising as making their trucks out of now?
In that context it probably means material that is mil-spec [wikipedia.org]. Just means it has certain characteristics specified by and conforming to a standard set by the military. Doesn't mean it's necessarily anything special. Milspec parts often meet other standards too though milspec parts are typically more rigorous than many other standards available.
Companies like to use this to do some promotional puffery that makes their product sound more impressive than it might otherwise but what they are saying isn't a lie
Mil-spec aluminum is a thing (Score:2)
It's what they want you to think, but nope. If it was actually mil-spec, they'd have said so.
Mil-spec doesn't mean anything to most general consumers. Saying "military grade" is the marketing BS for the same thing and it provides some legal cover in case some lawyer gets a burr in their saddle about it.
Ford can't say "mil-spec" unless there is actually a military spec that addresses the material in question, and the material actually meets that specification.
And as it happens there ARE military specifications for most materials including aluminum. I deal with them daily. Most metals have mil-spec options if you want them. In many cases they don't even cost extra. I deal in wire (copper mostly) that routinely has UL, mil-spec, and several other speci
Re: (Score:2)
It's every bit as much of a dodge as when the pawn broker asked Homer Simpson if the TV was cable ready and he replied "ready as she'll ever be!"..
If the intent of a message is to create a false impression in the mind of the recipient, it is a lie. Calling it anything else is a second lie.
Re: (Score:2)
It may be marketing speak but it isn't wrong. They must mean HTTPS.
Re: (Score:3)
It's actually worse than that.
Obviously their process is to generate a key and *then* load that key onto the device. For something like MAC address, this makes sense as you only have 24 bits to play with and you need to coordinate it.
For a cryptographic key, the device should generate key if no key existing and they should be relying upon that to generate keys, rather than any external process. It shouldn't be possible for a private key to be duplicated because it should never be possible for a private ke
Should be, makes duplication more likely (Score:2)
It sounds like this is an identifier rather than an encryption key, but let's suppose we're talking about keys, and specifically private keys.
Yes, it's more secure to generate a private key on the device, so insider threats don't know the key. However, that makes it MORE likely to have duplicates, not less likely. Generating them externally, you can easily ensure you don't get repeats, or more easily, control the likelihood of repeats with a good random source.
If the device generates it's own key, the defau
Re: (Score:1)
If you have to check your generator for duplicates, your RNG isn't random (enough) and shouldn't be used for encryption.
A PRNG cannot produce random numbers from deterministic sources.
A private key is useless without a matching public key. The public key, by necessity, would be published by the device if it is using a p
Re: (Score:2)
Most systems do not contain a hardware random number generator, yet they DO manage to produce cryptographically secure keys.
As it happens, a camera sensor in the dark (such as these wireless cameras, with the lens cover on) is pretty good hrng.
Re: (Score:2)
However, that makes it MORE likely to have duplicates, not less likely.
In either case, if it is truly a private/public key, the chances of generating the same key are astronomically low, even across trillions of tries if doing it properly. For the external approach, there exists the possibility of process error to install the same key to multiple device.
If by chance two onboard devices generate the same key by chance, then the external system can request key regeneration. If this facility is triggered at all, it probably means there's something wrong with your RNG strategy.
Re: (Score:2)
Did South Korea ever get away from the ActiveX control their banks used to require?
Re: (Score:2)
I think they mean "serial number".
Re: (Score:2)
It's like restaurant-grade salt. Completely meaningless but at least meets the bare minimum.
Re: (Score:2)
It's like restaurant-grade salt. Completely meaningless but at least meets the bare minimum.
Oh wow, where can I get restaurant-grade salt? This grocery salt just isn't good enough for me.
Re: (Score:2)
Not always, but the quantities are much larger. Typically restaurants order by the case.
Re: (Score:2)
Do you salt your passwords with restaurant-grade salt?
Re:Bank-grade security key? (Score:4, Interesting)
Yeah, right.
Meh.
All this means is that they're using standard crypto -- and if it's really "bank grade" then it could be a little behind the times. Banks still use 3DES all over the place. That's not a security problem, exactly, but they really need to update.
I'm surprised they didn't use the more common "military-grade security" phrase. It's not one whit more meaningful than "bank-grade security", other than it probably indicates use of AES, perhaps AES-256, given the NSA's apparent concern about quantum computing.
I guess both phrases can be taken to indicate "We aren't complete idiots who roll our own ciphers" though it definitely leaves the door wide open for "(but we are stupid enough to roll our own protocols and implementations)". No way to know on the latter point without looking at the details.
Four digit PIN (Score:4, Funny)
Bank grade would be a four digit PIN.
Re: Bank-grade security key? (Score:2)
Having worked for some banks... This means "no security whatsoever"
Human error (Score:1)
'Camera is already paired to an account' as a warning when you've already paired it to your account? That's not human error, that's a design flaw.
blame the end-user (Score:4, Insightful)
A subtle attempt to shift blame to the people that bought this piece of (apparent) junk, ""This occurred after the [family] connected the duplicate camera to their network and ignored the warning prompt that notified: 'Camera is already paired to an account' and left the camera running," she added."
'Camera is already paired to an account'? Could mean it's already been paired to my account and I'm trying to re-pair it. Could be a message indicating success – that you've paired it to the intended account. I'm sure the company will claim this message's meaning is crystal clear and that the people who bought it are partially to blame. I'm not buying that (the dodge or the webcam).
Re: (Score:2)
Agreed, the correct behaviour should be:
This camera is already connected to a different account. Would you like to
* Disconnect from all other accounts and connect it to this account
* Leave the camera connected to other accounts and also to this account
* Do not change this camera's connections
I've seen people get really nervous when the choice isn't "yes" and "no".
Computer users and choice do not mix well, though I hate how UI design has taken this to extremes.
In my experience, giving people detailed explanations triggers the attention deficit disorder unless they're heavily familiar with the product and confident in light of freedom rather than hand-holdy.
Slashdot recently had a GUI discussion where we gleaned that legacy MacOS designs heavily leaned on action verbs like "Save" "Discard" "Cance
Are you sure? (Score:3)
Your gun is currently aimed at your own foot. Are you sure you wish to continue pulling trigger?
Given that the system identified the multiple account issue, and I assume they didn't have a common system in place to allow multiple accounts to work with one camera why was:
a) the camera not depaired from the old account?
b) was the camera allowed to be paired to a new account?
bonus question:
c) if this was by design to allow multiple accounts to access a camera, why is the system setup in such a poor way?
Re: (Score:3)
Re: (Score:2)
I'm betting they cut scope and some of the multiple account access for a single camera code made it into the final build while the verification process did not.
Re: (Score:2)
I'm surprised that they even allow cameras to be moved between an accounts, I mean where is the profit in allowing used camera sales?
The warning message was useless and probably not "ignored". Ordinary person buys a new camera and sets it up. App gives a random error message that doesn't make any sense (it's brand new, they haven't paired it yet) and doesn't explain anything. Happens all the time, buggy apps, try clicking through. Okay, it works, great.
Re: (Score:1)
Or perhaps one starts pairing.
Gets a message "already paired" and assumes the pairing is done and oddly phrased.
Re: (Score:2)
I'm surprised that they even allow cameras to be moved between an accounts, I mean where is the profit in allowing used camera sales?
Used cameras are not the issue here. People have account issues all the time with some good reasons to support moving devices between accounts. But the key here is the second part: The warning message was useless, and if this is the process they have for moving between accounts then it is horribly broken.
Re: (Score:3)
I think bank-grade means 4 digit passwords.
Camera already paired (Score:4, Interesting)
Warning messages like this are entirely useless. If someone gets a message 'Camera is already paired to an account', they'll get annoyed and click through it. It doesn't tell them what the problem really is, it doesn't warn them of the consequences, and it's just plain in the way of them finishing the onerous task of registering their devices to get basic functionality.
A better message might have warned them, 'this camera appears to be already registered to another account, possibly because it was resold. If you continue, the camera's previous owner will be able to view this camera in your home'. Even better, it could instruct them to contact tech support to switch ownership of this camera. Better yet, do away with the annoying useless popup message and just deregister the old account's ownership.
They say it's a one-off factory error, but they still should have been able to foresee a camera being bought by one user and later sold to another user. Dealing with that problem would have made the one-off factory error a nonissue. Yes it would have deregistered the old camera, but at least that's something that can be handled through support rather than by sending video to the wrong account.
Re: (Score:2)
It is not just that this warning is, to many people, cryptic - but that the warning was only given once. The user clicked and forgot, probably thinking "whatever that was about has gone away and is no longer a problem". This 'status' should remain and be flagged up with whatever control panel the user has - this would give them a chance to review it at a later time. You know what it is like ... you buy a new toy and just want to plug it in an see what it does. Once the excitement is over and you are more re
The cloud (Score:4, Insightful)
Re: (Score:3)
Cloud-enabled cameras allow you to stream your camera onto your smartphone. It's a nice idea so long as there isn't network congestion. Whenever I tried to stream video off my camera, the connection was unavailable. Then using wireshark, I once caught someone from AWS in Austin, Texas streaming the camera video.
Re: (Score:1)
Cloud-enabled cameras allow you to stream your camera onto your smartphone.
So does a web cam with a public IP.
Yet another reason for IPv6, instead of these crappy workarounds (NAT and now sending the video to someone else and hoping that they send it back to the right person).
Re: (Score:2)
Re: (Score:2)
Yep. And when the person robbing you leaves with the camera, hopefully the take the SDcard out and leave it for you
Badly worded warnings will be ignored (Score:3)
And there's a big part of the problem: the phrase 'Camera is already paired to an account' is just so much word salad to the average user. They will look at it for a moment, briefly wonder what those words might mean, then click through and forget about them.
If you want people to take such warnings seriously, you need to make it much more explicit, as in: "WARNING: The camera is already paired to another user's account. If you continue to use this camera, that user will be able to view the images from it without your knowledge. Please contact Swann technical support at xxx-xxx-xxxx immediately."
Re: (Score:2)
And there's a big part of the problem: the phrase 'Camera is already paired to an account' is just so much word salad to the average user. They will look at it for a moment, briefly wonder what those words might mean, then click through and forget about them.
If you want people to take such warnings seriously, you need to make it much more explicit, as in: "WARNING: The camera is already paired to another user's account. If you continue to use this camera, that user will be able to view the images from it without your knowledge. Please contact Swann technical support at xxx-xxx-xxxx immediately."
I think the problem here is that they put a networked camera inside their own house in the first place. I set up and configured equipment from Swann for my sister. They retailers sell it to people as being user-installable and user-configurable. The first is generally true but the latter is not. Their systems aren't that bad (apart from this issue apparently) and not hard to configure if you bother reading the instructions. But if you want to get the remote access via their app to work it requires you to ha
Shouldn't have been possible in the first place (Score:3)
The way it should work is for a device to check if it has a key, if it doesn't generates it internally. It should *not* be the case that a device have the private key injected by something externally generating the key. Moving private keys around is bad practice and everything that purports to be secure needs to generate the key on-device rather than accept an external key.
Re: (Score:2)
Re: (Score:2)
Putting aside a debate on whether or not that is a realistic probability, if it is a concern, the device must obvious be outputting a public key and you can have that facility detect a duplicate and request the device regenerate.
Bad alert (Score:2)
If I'd have received the "already paired" text alert on my (sounds like) 2nd boot of the device, I'd think it was telling me it was paired to my account. Now if said "already paired to SOMEONE ELSE'S account" that'd be a bit different.
Poor Quality (Score:2, Insightful)
Poor Programming and "DevOps" done by the team.
-Poor manufacturing quality control [ duplicate key ]
-Poor programming - duplicate key not detected
-Poor testing - duplicate keys should be rejected
-Poor security - duplicate keys should be revoked
-Poor quality App Testing
-Poor quality hardware/software integration - duplicate keys should be rejected by server, and a new key generated
I build my own security cam with a raspberry pi, a CSI camera, and an infrared detector, it cost less then $100. It mails me snap
Geek security camera solutuon (Score:2)
Does anyone have a suggestion for a good wifi camera for somoene that already has FreeNAS?
Re: (Score:2)
Browser plugin sounds like a no-go for me. It will end up being bricked when the plugin is no longer supported, and I don't feel like maintaining an old vm just for accessing my security videos. Ease of use is a primary goal. If its a pain in my ass, I won't bother with it.
Or is the plugin just for configuring the camera, and it saves its data as normal files to a network share?
Re: (Score:2)
Devs are at fault (Score:2)
Today's lazy dev mentality. Every fiscal quarter a certain dev or other will delegate a dangerous bug into the realm of "one-off". I am tired of this mentality of waving bug tracker reports away and closing them. We know they never get to the bug if it's delayed as a "corner case", improbable, right off the bat. They often close 'em when long enough has passed that we've stopped posting new leads, reports and requests for updates. Worse, many bug reports remain as "NEW" for years even after several differen
I can't wait until (Score:1)