Smart doorbell cameras - hackable or privacy compromised?

pwmeek

With the news that Ring cameras can be polled by police for video of a specific time/area (not continuous feed), it makes me wonder what other doorbell cameras are like in respect to privacy, both of the owner, and of passers-by (who may or may not be criminals or have criminal intent). Are we setting up a "Big Brother is watching you" situation? What about hacking? Can non-police "request" video feeds from the many brands of door cameras?
I'd like discussion and links to informative sites if possible.

Hronos

I am not over USA land, so the problem is kind of different, but the concern is there, in my case, I think, the capability of been hacked.
If over a cloud service, some one (government, police, courts, etc.) demands access, they could access it. whether we liked it or not.  But the hacking one if more to think, that means complete access at any time.  As we know, there is nothing 100% secure, so we need to be very judicious (wanna sound smart xD) with our chooses in regard of security. 

pwmeek

For example:  https://www.eff.org/ring

VioletChepil

Very interesting topic.
@kltaylor @Pooh @Pixelpopper @Marc @Crowgrandfather @Notta_Donkey1 @Mirekmal @Romulus @TheCustomCave @vulcansheart - any thoughts to add on this one?

Crowgrandfather

I want to hit on one thing that seems to get missed frequently in regards to this. Police need a warrant.

They can't access the camera feeds at any time they please and Ring doesn't store FMV, only clips.

But this isn't exclusive to Ring. Police with a court order could subpoena video from any manufacturer.

As far as hacking goes, there have been no actual cases where the Ring or Nest devices have been compromised themselves. Every case of people hacking into a home and taking control of a camera involved weak or reused passwords and no 2FA.

pwmeek

Police might need a warrant to force disclosure of video from Ring (or any) cameras, but Ring in partnership with 400+ (maybe over 500 in some recent reports) departments in the US, offers police the facility to ask for video clips from a certain area (up to a half mile square) and for a certain time range, via email. Users (which Amazon disingenuously calls "Neighbors") can opt out or refuse the requests, but are made to feel churlish and anti-safety if they do refuse. Amazon also says it can keep clips that users think they have deleted in order to comply with such warrants.

Police can easily see who has a Ring camera (by its glowing ring) and come directly to the door and ask personally. (Who wants to go on record as refusing such a direct request?) Ring also offers users the opportunity to send clips directly to the police flagging the subject as "suspicious". "Neighbors" can also share clips with other users via Ring's public social network. (What stops a police department from buying a Ring and joining the network with a sock-puppet?) Once the police have a clip, they can keep it indefinitely, without any warrant, and subject it to any facial recognition software they may have.

https://www.washingtonpost.com/technology/2019/08/28/doorbell-camera-firm-ring-has-partnered-with-police-forces-extending-surveillance-reach/

To paraphrase Ben Franklin: "If people are willing to give up some privacy in exchange for some perceived safety, soon they will have neither." 
 

vulcansheart

I am an avid proponent of cyber security and internet privacy. I am a member of the EFF, and 9/10 times I agree with the agenda. However, on the flip side of the topic, if you have the ability to aid in the investigation of a criminal (especially one in your own neighborhood), why would you opt out? Since when are your local police officers the enemy?

Mirekmal

To me, there are few aspects of smart home (so not limited to smart doorbell cameras) I'd to look at:
- Security of the entire system; from this perspective I'm big fan of avoiding, wherever possible of cloud based solutions. As we are not designers of these devices, we do not really know what information is collected by smart devices, eventually transferred out and how it might be used by owners of the service. Recent cases of Facebook app 'accidentally' switching on phone camera when in in use and sending data to FB is one of such cases. If not discovered and highlighted in media, who knows for how long and for what purpose they were collecting such information. Please note that it is rather impossible that faulty code activated camera. There have to be some lines of code placed there specifically to do so, so it is not coding mistake. If we use cloud based solution, we agree to not having control over the data. We do have in place all sort of privacy agreements and I'm not saying that all companies are doing this, but if you want to be safe, take care of it.
- What information might be eventually send out. Simple example of Netatmo Weather Station - it collects and send out to the cloud data like temperature, humidity, pressure, noise level. Is it affecting my privacy? Most likely not. Is it affecting my security - this is another question! By analyzing such data one might find if I'm at home! If temperature in house is dropping, CO2 ppm is dropping, there is no noise it might means that I left home for extended period of time and it is running in away mode.
vulcansheart mentioned) you can get the same level of support from fully local system (like Synology Surveillance Station), while retaining control over data. For the same reason if I'd need to install smart doorbell, I'd go for some fully locally managed solution... obviously that would limit probably functionality of such device (remote door opening?), but staying safe is priority. 
- Finally, having fully locally managed solution does not make us safe either... There are different SW/HW components of every smart device, that we do not know where these are coming from and what might be hidden inside, not by OEM, but by components providers. Not everything is open source, so can be investigated! Remember case of Supermicro being suspected to have some Chinese chips being placed on their motherboard and suspected to send some information back to China? It ended up to be just rumor, but it is possible scenario.
So it is good to have Fingbox and some tool that helps us to keep track on what is going on our network :-).

pwmeek

vulcansheart said:

<snip> Since when are your local police officers the enemy?

When they adopt technologies that spy and collect data on non-criminal citizens "just because they can". I (and many others) are adamant on this point.

vulcansheart

pwmeek said:

vulcansheart said:

<snip> Since when are your local police officers the enemy?

When they adopt technologies that spy and collect data on non-criminal citizens "just because they can". I (and many others) are adamant on this point.

You are correct that many agencies overstep their authority. There must be a checks and balances and transparency. For instance, if an agency accesses your camera for live or historical footage, it needs to reference a case number and be logged and accessible from the owner's account.

Working for a public safety agency, I promise your local law enforcement does not collect data "just because they can". Often times they don't even have the funding nor the human resources to be utilizing these extra data sources.

pwmeek

vulcansheart said:
<snip> 

Working for a public safety agency, I promise your local law enforcement does not collect data "just because they can". Often times they don't even have the funding nor the human resources to be utilizing these extra data sources.

Setting up arrays of automated licence plate readers collecting the number of every car that passes? Surely one or two of those cars must have been owned by blameless citizens.

vulcansheart

pwmeek said:

vulcansheart said:
<snip> 

Working for a public safety agency, I promise your local law enforcement does not collect data "just because they can". Often times they don't even have the funding nor the human resources to be utilizing these extra data sources.

Setting up arrays of automated licence plate readers collecting the number of every car that passes? Surely one or two of those cars must have been owned by blameless citizens.

Again, the need for transparency is essential because it is often lacking. LPR's help track hundreds of stolen cars and criminals (like violent sex offender type criminals) every day. When the "blameless citizen" passes the LPR, the query returns negative results. The record typically expires after 30 days. Of course, not all agencies follow ethical data storage practices, and I agree that it needs to be changed.

These tools help law enforcement do what they are hired to do. When a citizen reports their car stolen, do you want the police to throw it in a pile with all the others, or do you want them to recover the car?

pwmeek

To get back a little closer to the original topic, what happens to the video clips that get collected by the policed or are forwarded to them by citizens (either actually concerned or trying to make life difficult for someone)? Is there some way of assuring that they are destroyed (Including being sure that all caches, buffers, and backups have been cleared)?

It's been my experience that government agencies never give up data voluntarily, and even contrive to get around legal efforts to force then to expunge such data.

vulcansheart

Speaking from personal experience in my field, we do purge data following a strict retention policy required by our state law to avoid the liability of having it available. Government is subject to FOIA, and no one wants to get called to court to testify on something that happened 10 years ago.

I guess to better respond to your question, we don't have "proof" that your data is really gone other than one of our IT professionals verifying that they are unable to retrieve the deleted data. We don't make an attempt to recover files just to ensure they are destroyed completely. We just overwrite the blocks with new data.

The only time data is thoroughly cleaned is when an appliance is EOL and being trashed or auctioned. Often times, the storage is removed and destroyed by physical means.

Edit*

I think we are highlighting the difference between local government and bigger federal government. The latter likely retains data for as long as possible...

Nye

Bias: I've been a victim of porch theft multiple times, and put cameras up after it happened the first time. I feel safer with them, and as such, my views are biased toward the use of cameras such as those discussed in this thread.
I'm very much agreed with @vulcansheart on this one. I'm a huge proponent of online security/privacy, and I've been a network engineer for a major national datacenter company where security was one of our top concerns.
At home, I am constantly on VPN, have most of the web-trackers disabled, and love what EFF stands for and promotes. THAT SAID, I've been a victim of porch package theft and bike theft (u-lock was used properly and the bike still got stolen). I am willing to help the local police catch these people SO LONG as the program is opt-in. The agencies in question either need a warrant to obtain video OR have voluntary permission to do so. I don't see a problem with that.
On "giving up" privacy: What privacy is that, exactly? Nearly every business/store I walk in to has cameras, intersections here are getting more cameras, there are cameras everywhere now. Once you step foot outside your house and into the "public setting" all reasonable right to privacy vanishes. What goes on in the private setting is where my privacy concerns start. Since these doorbells don't show that, I'm good with them.
In my neighborhood, I've seen instances where porch pirates have been caught as a result of people posting doorbell or porch camera video to the "Neighbors" app and contacting the police with those videos. The police have a MUCH stronger case against thieves if they have video evidence of it happening, especially if several different neighbors have video of them performing thefts. 

CG3CYBER

I have multiple ip cameras including a door bell camera; they are all wired in to my switch in my home network on a encrypted VLAN.

I do not use a public cloud based service. Instead I configured my own cloud server so I don't have to depend on anyone else's cloud servers.

The chances of my cameras being hacked/monitored from an unwanted snooper is very unlikely compared to using a well known service with public servers. Those are pretty easy to hack. =]

Mirekmal

vulcansheart said:

Working for a public safety agency, I promise your local law enforcement does not collect data "just because they can". Often times they don't even have the funding nor the human resources to be utilizing these extra data sources.

I do not question that cloud services providers and government agencies are mishandling data they receive. But since we are taking potential crime, there is always chance that someone, just single individual, working for these companies will mishandle this data. Knowing that you are not at home might lead to situations as highlighted by Nye. So even knowing that my data is handled properly for 99.9999% of time, I'd not willingly risk this 0.00001%

Mirekmal

vulcansheart said:

Working for a public safety agency, I promise your local law enforcement does not collect data "just because they can". Often times they don't even have the funding nor the human resources to be utilizing these extra data sources.

I do not question that cloud services providers and government agencies are mishandling data they receive. But since we are taking potential crime, there is always chance that someone, just single individual, working for these companies will mishandle our data. Knowing that you are not at home might lead to situations as highlighted by Nye. So even knowing that my data is handled properly for 99.9999% of time, I'd not willingly risk this 0.0001%, unless I have no other choice.

SimoneSpinozzi

Honestly any cabled doorbell with a camera does its job and needs not record anything.
You *can* hack those but they are not worth the effort.
Anything more than that is usually just asking for trouble.
There is this idea that a "connected house" is a "better house"... how an why?
What even is the point of answering a doorbell if you are not at home?!
To give would be thieves the precise time in which they can go and steal what your postman has left at your doorstep? (best case scenario with total encryption)

Alderete

vulcansheart said:
Working for a public safety agency, I promise your local law enforcement does not collect data "just because they can". Often times they don't even have the funding nor the human resources to be utilizing these extra data sources.

Hmmm...
https://duckduckgo.com/?q=police+officer+stalks+ex
The search results go on for days, and that's just one search. You don't have to work very hard to find real examples of individual police officers abusing their access to official resources. Some of those "official resources" are going to be cameras. Yes, they are "bad eggs". Yes, they sometimes get caught. (Hence the results.) No, that's not normal for police behavior. Yes, I mostly trust the police. 
But just because something is against the rules, against the law, doesn't mean it doesn't happen. Otherwise no one would bother with security cameras in the first place.
So, no, I'm not inclined to give anyone blanket access to my security camera footage. Come to my door, ask nicely, explain the purpose: sure, I can help. But if all you need to do is put a potentially bogus case number into an Amazon page and you can look at all of the Ring footage captured in a 1 mile radius of a "suspected crime", without real oversight or accountability? No thank you.
And, going back to the “collect data "just because they can"” part. Maybe local government agencies don't. Let's agree that it's true! What about Amazon, or Google (Nest), or the Chinese vendor behind some security system you got for a cheap price at Costco or Walmart? You think they're not collecting every single detail about you they can, so they can "aggregate and anonymize" it and then sell it for real money? Of course they are. That's the entire business of Google and Facebook and any other business that isn't charging you money.
"If you're not the customer, you're the product." I would prefer to not be a product, thank you very much.

Alderete

My earlier comment was focused on Ring, and on police access to Ring footage. But it's worthwhile to expand the discussion beyond Ring to cameras in general. I believe that security cameras are a very useful tool for preventing crimes (deterrence), and for catching criminals (forensics). But like any tool, they need to be used properly. There are at least two issues that are worth thinking about for any camera system:

• Access to the system that is intentional, but is also abusable. (This is Ring, but also many others.) This is something that, with thoughtful discussion, it's possible to arrive with a systems design that works. "Access with accountability" would be my catchphrase. Devil's in the details, but I believe it's possible.
• Access to the system that's not intentional (hacking), or that is intentionally abusive (spying). 

This is a lot harder to design out of any system. First, software is hard. Like, really hard. There's a reason all those software engineers in Silicon Valley make such good money. Even with the best of intentions, software defects (bugs) are inevitable, and some of them will let hackers spy on you in your own home.
But second, and more important, there's often zero consequence for a company that ships an insecure product that can be hacked, even if the hacking is exposed widely. Quick, name a single company that shipped insecure cameras and was penalized. This is called "externalized costs". The company that sold you the camera doesn't pay for the consequences of their insecure product. YOU do. They externalize the consequences onto other folks, and don't pay anything for their mistakes. So why spend money (expensive software engineers) on security when you can spend less, make more, and that's the only difference?
That's not theoretical. If you want to terrify yourself, spend an hour reading through Bruce Schneier's blog, which collects literally hundreds of examples. Here's just the articles on cameras:
https://www.google.com/search?q=camera+site:www.schneier.com/blog
That's a long list, so here's a couple specifics:

• Eavesdropping by the Foscam Security Camera
• Shodan Lets You Browse Insecure Webcams
• Hacking Security Cameras
• Samsung Television Spies on Viewers

That last one is especially instructive. Anyone know if Samsung is still in business? Profitable? Still selling TVs that collect data about you? (Yes, yes, and yes.)
Doesn't mean you shouldn't put up cameras around your property if you're concerned about trespassers or burglars. I do! But it's worth thinking about whether that cheap camera system at Walmart is as good a deal as the price would make you think. I spend more money on better equipment from more reputable vendors, and then I add on my own network security expertise (such as it is) to try to limit the consequences of choosing poorly.
Those are things I'm blessed to be able to do, and not everyone is so fortunate. But, still. Look before you leap.
Another way to think about it: Imagine that everything you do that's recorded by your own cameras will be put on TV for your friends and family to see, or shown to a jury. Everything. We probably all think of ourselves as good people, but remember the famous quotation from Cardinal Richelieu:
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
I might not hang, but if a picture is worth a thousand words, how many "lines" is a few hundred hours of video worth? I'm certain I'd be embarrassed, or lose a friend, or something. That's the point Richelieu was making: We all would.

pwmeek

BTW folks, this is exactly the kind of discussion I was asking for: lots of viewpoints and no flaming. Thank you all.

Alderete

I hate to continue to pile onto Ring (because I'm becoming boring), but the first article in a three part series about Ring was published just today:

How Ring Went From ‘Shark Tank’ Reject to America’s Scariest Surveillance Company

Amazon's Ring started from humble roots as a smart doorbell company called "DoorBot." Now it's surveilling the suburbs and partnering with police.

I expect the rest of the series will be equally interesting.

Boombies

I am going to agree with @vulcansheart and @Nye on this one. I myself am a proponent of both privacy and internet security. I have no problem with this as long as the program is transparent.  It's a door bell camera... not a bedroom camera. Anything in front of my house is already viewable by the public. Personally, my security cameras are wholly within my network and I assume the risk of maintaining the data. I may choose to share camera feeds if there were a neighborhood watch system in place. Who knows? The key here is 'who owns the data' and does the owner have a choice? Keep in mind the people purchasing these devices are the same people hosting Alexa and Google as permanent guests who are listening to every conversation. Also, while I maintain my statement above, I respect @Alderete 's comments on the topic. Read the fine print and know what you are getting.

Alderete

The articles about Ring just continue to pile up. 
Ring’s Hidden Data Let Us Map Amazon's Sprawling Home Surveillance Network

SCOOP: Gizmodo acquired 500 days of data from Ring's app and found the hidden coordinates of its cameras. We were able to map out up to 20,000 Ring devices. We concluded the data could enable anyone to pinpoint the precise locations of these devices.

I suppose you can take the viewpoint that the cameras are focused on public areas. Still, it's obvious that Ring's "security" is...porous. Even if you don't care if your footage is accessed, what about compromising and getting into the devices themselves, and using them to discover things that are inside your house? Perhaps those other devices on your network hold more interesting information that you'd prefer stayed private.

I get that Ring's hardware, prices, and service are attractive. I'd love to be able to trust them myself! But given all the questionable things we know about, I have to wonder what we don't know about. How many more shoes are out there to drop? Seems like the company has other interests besides mine.

OKC

vulcansheart said:

 Since when are your local police officers the enemy?

https://www.usatoday.com/in-depth/news/investigations/2019/04/24/biggest-collection-police-accountability-records-ever-assembled/2299127002/

https://www.usatoday.com/in-depth/news/investigations/2019/10/14/brady-lists-police-officers-dishonest-corrupt-still-testify-investigation-database/2233386001/

vulcansheart

There's almost 700,000 active police officers in the nation. They published a list that reflects less than 1% are investigated annually for misconduct. Not exactly a statistic that makes them the "enemy". But, you are allowed your opinion of course.

OKC

Statistics has nothing to do with it. There was nothing ever said about statistics. There have been people framed, had drugs planted on them, been raped, you name it and it has been done. Let’s stick to the facts. If a person doesn’t feel like the police should have access to things, that is their right. You shouldn’t try to persuade them. You can vote as you please and believe as you please. Others should reserve that same right. Just one cop alone in my city is responsible for raping 8 women. Statistics or not that is 8 women too many.

vulcansheart

Uber drivers have raped, mugged, kidnapped - yet we still climb into their cars everyday. I'm just saying don't label the entire police force, the people that put THEIR lives on the line to protect you and your family (and often they are your neighbors, friends, and family), based on a minority of criminals.

Also, I'm not persuading anybody to do anything. I'm stating the obvious point that if you buy a Ring camera from a company that publicly markets the ability to provide law enforcement direct access to the footage, don't also expect absolute and complete privacy and security of said device and data (especially after the rash of security flaws and hacked devices recently). Amazon compels their customers to share the video, and if you don't like the business model, you have the choice to not buy the product.

OKC

You have taken this completely out of the park. Bottom line is this. If someone doesn’t want the police in their privacy, they have the right to take that stand.

vulcansheart

Oh, okay. I didn't realize I had taken it "out of the park". I was simply responding to your post about cops raping, framing, and assaulting people and thus cannot be trusted with your privacy. The second part of my post was to point out that you cannot expect privacy from a company that wants you to share your data. So bottom line, if you want guaranteed privacy, don't buy the product. Remember, law enforcement isn't making Amazon to do anything... it's the other way around.