There are two primary ways that a camera can be compromised. One is in the normal scope of operation: you can view footage and use the camera as a normal user. The other is: you take control of the camera as a Linux box and can do what the hell you want.
Within the normal scope of operation: wow, there are so many players involved. The recent Ring hack was carried out by people using brute-forcers against the Ring login. Their goal: accessing your camera feeds. Their motivation: not sure I want to go there.
We had a big shift in security attitudes over the last 5 years. People are putting cameras inside their houses. In their bedrooms. This has shifted the attacker profile from curious voyeur to dedicated pervert. The latter will try a lot harder.
Who can these attackers be? It could be a random on the Internet, brute-forcing your creds. This is what happened with Ring.
It could be someone on your local network, exploiting the fact that many of these cameras trust the local network. Who could that be? Well. It could be your lodger spying on your daughter. It could be your weird neighbour who has cracked your WiFi password.
I know this is horrible to think about, but there are a lot of perverts out there. They go to extreme lengths to see things that we consider mundane. That doesn't stop you feeling seriously creeped out when you find out about it.
It could also be an employee of the camera company. Ring have made it very clear they can see the doorbell footage. What about the other cameras? What can their own staff see? I have looked at one camera system that encrypted end-to-end so that no one else can view it.
So far, nearly all camera compromises we have seen are using the camera as a camera. But what happens if they take it over as a device?
Well, then they could use the device in a botnet, like Mirai. https://en.wikipedia.org/wiki/Mirai_(malware) … Clearly not good.
Worse still, they could be used as a pivot onto your network. Today - this is probably a targeted attack. It's not being carried out at scale. But imagine if someone could use every Ring camera to deploy malware to every Windows machine behind a firewall.
That might seem ridiculous, but IoT botnets seemed ridiculous a few years ago.
TLDR: If you want to install these cameras, consider them already compromised, that anyone can see them. Install them so they can't see anything you don't want others to see. And honestly - given previous tests of these - put them on another VLAN.