by Paul Rubell, Esq.
Cameras and other surveillance devices are supposed to protect your home. It’s kind of bittersweet, then, that these devices are not especially secure themselves. Hackers can turn home protective devices such as cameras against their owners. IoT cameras can unlock the door to your home instead of safeguarding it.
Samsung’s SmartCam home security cameras have gained widespread popularity due to their smartphone control, ease of use, and versatility to connect and communicate with many IoT-enabled devices in one’s home. Unlike many competing cameras, Samsung’s computer memory stores home-based sensor data and video files locally on the device, and not in the cloud. (Recently Samsung launched a SmartCloud program to offer optional Internet storage.)
Despite corporate promises of security, Samsung’s cameras have been hacked by a group known as Exploitee.rs. The cameras contain computer code that is vulnerable to remote access. As a result, it is possible to control the camera from a faraway location and worse, to download and view video files that were intended to remain private on the device’s local hard drive.
The privacy law implications of these kinds of vulnerabilities are profound. What responsibility would Samsung have, if a home that is supposedly protected by a SmartCam is actually burglarized because of the information that the camera sent to the burglar? What if the burglary deteriorated into assault or murder or rape or kidnapping? Would Samsung be adjudged responsible by a judge? Will liability insurance protect Samsung from a lawsuit by an injured customer?
The problem facing Samsung is that it knows all about the hack. If you can program code, you can hack the camera easily. A video how-to guide shows you how to write the specific computer code needed to exploit the camera’s vulnerability and more importantly, how to debug the hack. All that is needed to take over the camera is the administrator’s password. The hack allows one to change the admin password without knowing the original password. By bypassing the password reset process, the camera can be accessed and used by a false administrator located thousands of miles away — or across the street from your home.
Exploitee.rs has created an entire webpage devoted to the Samsung SmartCam and its vulnerabilities. A word to the wise: before you entrust your home’s security to a camera, be sure that the camera itself is secure.
The legal implications of security vulnerability are only beginning to emerge. The Internet of Things is a game-changer in terms of challenging people’s privacy. The law needs to catch up with technology or bad actors will be free to harm our society.