Security News > 2020 > May > Computer science student discovers privacy flaws in security and doorbell cameras
Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to systemic design flaws discovered by Florida Tech computer science student Blake Janes that allows a shared account that appears to have been removed to actually remain in place with continued access to the video feed.
The findings were presented in the paper, "Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices," by Janes and two Florida Tech faculty members from the university's top institute for cybersecurity research, L3Harris Institute for Assured Information, Terrence O'Connor, program chair of cybersecurity, and Heather Crawford, assistant professor in computer engineering and sciences.
This approach is preferred by manufacturers because it allows for the cameras to transmit data in a way that every camera does not need to connect to every smartphone directly.
Manufacturers designed their systems so users would not have to repeatedly respond to access requests, which could become annoying and lead them to turn off that security check, were it in place, or abandon the camera altogether.
Customers concerned about their privacy after removing additional users should always change their passwords and power cycle their cameras.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/eEIAzjU6C7Y/