Home insecurity: Tips to safeguard security devices

After his home was hit a couple of times by thieves, Dr. Ashwin George joined the growing ranks of do-it-yourself security buffs.

He went online where there are hundreds, if not thousands, of devices to choose from and ordered some cameras disguised as clocks and phone chargers. Then, he hooked them up in various locations around the house.

Each device connects to the internet via Wi-Fi. They also have motion sensors. If an intruder is detected, the camera sends an alert to a smart phone.

One day when he was 30 miles away from home, George received a notification.

He tapped the app on his phone and saw a burglar in his house.

“So I look into my camera and I see this person standing in my bedroom going through stuff that was in the drawers,” he recalled. “I started to panic, my heart was racing,”

He called 911 and gave officers a play-by-play account of the burglar’s whereabouts.

“My heart was pounding, I was having palpitations, I was shaking looking at those images,” George said.

Police entered the home and started searching for the suspect. The burglar tried making a run for it, but didn’t get far before police arrested him.

CAMERAS COULD BE HACKED

A cheap, unsophisticated, do-it-yourself video security system helped put a crook behind bars.

However, before someone rushes out to get one for a home, a word of caution: some of these cameras can be incredibly easy to hack, giving outsiders an inside look at your private life.

The Fox 9 Investigators asked Enterprise Knowledge Partners, a Bloomington-based cyber security firm that works with government and corporate clients, to demonstrate how to avoid becoming a target.

“It’s very common that the bad guys try to do it; it’s happening 24 hours a day, seven days a week,” said Chris Schulte from EKP.

EKP’S Mary Frantz took Fox 9 on a driving tour of a metro neighborhood armed with a laptop and some inexpensive hardware.

“The first thing I’m going to do is start these live scans. And again, this is software that you download, less than a $100 device,” she said.

This is how tech troublemakers, known as “script kiddies,” go looking for homes to break in to.

So how savvy does someone have to be to figure it out? 

“This is incredibly easy thing to do. Very easy,” Franz commented.

With the equipment she was using, Franz was able to pick up signals from WiFi networks and devices, like security cameras, door locks and smart speakers, which are connected to home networks.

“I am seeing one open in this area, with absolutely no security on it whatsoever,” she said as the tour progressed.

Franz said many of the networks she was seeing were named with presumably the homeowner’s name or home address. These clues that can tell the bad guys which property is ripe for an attack.

EKP tested some popular devices in its lab and did find ways to break in electronically, much like a hacker would in the real world.

They were able to take control of a camera, disconnect it from its network and turn it on to eavesdrop.

REAL-WORLD HACKS

A popular YouTube video shows a man who's surprised to hear the voice of a prankster coming from his doorbell camera.

The hacker asks the man for $2,000 to “unhack” the doorbell.

SECURITY TIPS

“A lot of consumers, when they buy these things, it’s kind of like a 'set it and forget it' mentality,” Schulte said.

People forget that devices often get software updates to protect against vulnerabilities that are discovered later. Cheaper security cameras may not even offer fixes that block hackers.

“The cheaper devices are more likely not to be updated, not to be designed well and therefore more vulnerable to attack,” Schulte commented.

Despite the success George had with his inexpensive cameras in catching a burglar, he decided to pull the plug on them.

“I was not very comfortable having the camera and knowing that someone could hack into it,” George said.

He opted to go with a professional security monitoring company from now on.

But the experts say do-it-yourself systems can and do work, just take some precautions:

•    Check product reviews before you buy.
•    Don’t name Wi-Fi networks in a way that gives away where someone lives or their names.
•    Make sure a wireless network has a strong, long password, like 20 to 30 characters.
•    Enable two-factor login on services/devices that support it
•    Do not store passwords in a browser. The browser is not a password manager. When your browser asks you if you want to store/save a password, say no.
•    When possible, only allow Bluetooth and wireless connections from trusted sources on all your devices.