There Is No Perfect Smart Home Camera
Late last month, Consumer Reports revealed multiple security flaws affecting Wyze and Guardzilla smart home cameras. Flaws in the Wyze Cam V2 camera exposed users’ email addresses and passwords, along with their Wi-Fi network names and login credentials. And Guardzilla cameras had a flaw that permitted attackers to add more emails to the user’s account, thereby allowing unauthorized users to access the camera feed.
Both of these issues were patched before Consumer Reports published its findings. But the situation highlights a problem with smart cameras in general. Devices from smaller companies like Wyze and Guardzilla may be particularly subject to security flaws — they don’t have the vast pool of resources to hunt down and fix security flaws and vulnerabilities that bigger corporations do — and options from giants like Amazon and Google have their own problems.
Amazon shares surveillance data from its Ring cameras with the police, and Google is forcing Nest users to migrate their accounts to a new or existing Google profile, raising some concerns about data sharing. If you’re shopping for a smart home camera, you’re basically asked to make a choice between which you value more: the device’s security, or your data’s privacy.
Google, for its part, runs a team called Project Zero that’s dedicated to discovering so-called “zero-day” vulnerabilities in software throughout the tech industry that pose serious security risks. It also routinely undergoes rigorous certifications for its cloud software, and protects its users’ accounts with some of the most robust two-factor authentication in the industry.
As Robert Richter, program manager of privacy and security testing for Consumer Reports explains, “These are things that are just not feasible for a small company.”
“If you want that assuredness... then certainly a mature company like Google is going to have a lot of that for you,” he adds.
Your data might be safer from hackers with a big company, but it might be less safe from, well, the big company itself.
But buying a camera from a larger company may come with privacy implications, because corporations like Amazon and Google leverage user data in other parts of their business.
“Even the best companies on security, and nominally on data privacy, are still collecting significantly more amounts of data, or at least equal amounts of data on you, and have the ability, given the large size of the company, to do more with that data,” Cooper says.
Put another way, your data might be safer from hackers with a big company, but it might be less safe from, well, the big company itself, and whatever other groups it chooses to partner with.
The Amazon-owned Ring, for example, offers an app called Neighbors that lets users crowdsource footage from their exterior cameras to contribute to a makeshift neighborhood watch. The idea, in theory, is that if one person’s camera spots a would-be thief in the act, others in the neighborhood can be notified and take action. The reality is that these cameras can generate false leads and exacerbate racial profiling.
Amazon’s Neighbors service has also come under fire for sharing surveillance data with the police. Amazon has further worked with various local police departments, selling controversial face-matching software. This move not only made users uncomfortable, but resulted in demands from Amazon employees and even shareholders that the company stop selling the software to the government.
Google, thus far, has elected not to sell its facial recognition software to the government, though like many tech companies, it uses the software in various products, like Google Photos and the new Pixel 4 phone. Google Photos will categorize images according to who’s in them, allowing users to manually attach labels like “Steve,” and the Pixel 4 uses facial recognition to unlock the device. The company also offers the Cloud Vision API which, among other things, lets developers detect faces in images.
Of course, bigger companies have experienced security breaches, but they’re better equipped to fix them. In its reporting on the flaws in the Wyze and Guardzilla cameras, Consumer Reports noted it found some flaws it wouldn’t publish, for fear of empowering bad actors. Guardzilla was still working on a fix at press time. Meanwhile, earlier this year, Wirecutter uncovered a flaw in Nest cameras that allowed previous owners of used cameras to spy on the people who bought the devices. Nest fixed this issue a day later. The flaw might make trusting Google with a camera inside users’ homes just a little bit harder, but it also shows how quickly a large company can resolve major issues.
For now, Google says it won’t use video footage, audio recordings, or home sensor information to personalize ads, but Google’s policy may change in the future. The company also says that using Google Assistant — which is now built into newer Nest cameras, security systems, and even Wi-Fi hubs — will affect personalized ads. Using Nest hardware without letting Google listen in on you is getting a lot harder.
Google needs all the trust it can get as it develops more advanced cameras. The company’s most recent smart displays include facial recognition cameras that can tell who’s looking at the device and display information — such as calendar events or reminders — that are relevant to just that person. It’s an extension of the facial recognition software found in the Pixel 4, but it’s also yet another reminder of the immense power Google has within your home.
All of which is to say, when you buy a smart camera — or consider gifting one this holiday season — you should recognize that you’re making some kind of compromise. This technology is inherently sensitive; you should weigh whether you can stomach potential security risks, or providing more data to a giant company.
“I would try to make people aware that they are taking part in a much bigger ecosystem, and the cameras they’re buying are a part of that,” says Richter. “I would make people aware of the compromise between convenience and security and privacy, because that’s where we are as a society right now.”