Swann Home Security Cam Sends Pics, Video to Wrong Users
A home security camera user was shocked to receive video from another user when she used a mobile app. The manufacturers say it's a one-off incident caused by human error.
According to the BBC, Louisa Lewis has used her security camera since December. The set-up means that when the camera's motion sensor is triggered, it makes a recording and sends an alert to her mobile phone, complete with a clip. (Source: bbc.co.uk)
However, last week she began receiving clips from another family's camera instead. After a string of alerts, she contacted the manufacturers. They later stopped the clips being sent to the wrong person.
Duplicate Security Key At Fault
The camera comes from Swann Communications, a European subsidiary of the American company Infinova Group. Swann says the problem was caused by human error during manufacturing that meant two cameras were made carrying the same security key. This encryption key, which Swann describes as 'bank-grade', is designed to secure the communications between the camera and the app.
The unexpected footage came from a family which had just bought a new camera. During set-up, it appears they would have seen an on-screen message saying "Camera is already paired to an account," but were able to ignore it and continue using the device.
Swann says it hasn't been able to locate the new camera's owners, but say that no footage has been seen by anyone else.
Not The First Such Case
The BBC investigated further and found a previous incident in which a family started seeing clips from a public house (a bar) rather than the footage from their own camera. In that case Swann is said to have blamed it on both users creating the exact same username and password. The BBC says that doesn't appear to have happened and note that this shouldn't have caused such a breach anyway.
At the time of writing, Swann had not addressed the incidents on its own site. It says there that its products are "designed with a goal to make the latest security solutions accessible, affordable and easy to use." (Source: swann.com)
What's Your Opinion?
Do the explanations for the breaches make sense to you? Would it be better if this was a case of human error rather than a more serious flaw? Do such cases put you off 'smart home security' or are they too rare to worry about?
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Duplicate user name AND password?
I don't buy this argument one bit! Unless the app developers are incredibly stupid, there is absolutely no way a duplicate username and password would be allowed to be created on the system.
Checking for a duplicate username would be the first thing done when creating an account; even so, a duplicate password on another account would not matter. When the user account is created, the user name would not have been the primary key in the database - it should have been assigned a unique user ID (hashed) which cannot ever be duplicated (because the hash ID is created by time and day, plus the user name), and that should have been paired with the camera. The camera SHOULD have been given a unique device ID in the same manner - by time, by day, by camera number.
Also, for the company to claim that feeds were crossed due to the EXACT username AND password being used is a statistical anomaly (besides the fact that it should have never been allowed in the first place). I call BS!
I would NEVER trust this company after reading their official response to this mess.
I completely agree
Hi Dennis,
I ask every camera/security vendor if their passwords are hard coded and call them on it every time.
In the UK scenario even IF the user and pass was the same the PHONE was different which should have been an other tipoff to the vendor that something was amiss.