The Internet of Things is not especially secure

  • By Paul Rubell
  • 24 Jan, 2017

Cameras and other surveillance devices are supposed to protect your home. It’s kind of bittersweet, then, that these devices are not especially secure themselves. Hackers can turn home protective devices such as cameras against their owners.  IoT cameras can unlock the door to your home instead of safeguarding it.

Samsung’s SmartCam home security cameras have gained widespread popularity due to their smartphone control, ease of use, and versatility to connect and communicate with many IoT-enabled devices in one’s home. Unlike many competing cameras, Samsung’s computer memory stores home-based sensor data and video files locally on the device, and not in the cloud. (Recently Samsung launched a SmartCloud program to offer optional Internet storage.)

Despite corporate promises of security, Samsung’s cameras have been hacked by a group known as Exploitee.rs. The cameras contain computer code that is vulnerable to remote access. As a result, it is possible to control the camera from a faraway location and worse, to download and view video files that were intended to remain private on the device’s local hard drive.

The privacy law implications of these kinds of vulnerabilities are profound. What responsibility would Samsung have, if a home that is supposedly protected by a SmartCam is actually burglarized because of the information that the camera sent to the burglar? What if the burglary deteriorated into assault or murder or rape or kidnapping? Would Samsung be adjudged responsible by a judge? Will liability insurance protect Samsung from a lawsuit by an injured customer?

The problem facing Samsung is that it knows all about the hack. If you can program code, you can hack the camera easily. A video how-to guide shows you how to write the specific computer code needed to exploit the camera’s vulnerability and more importantly, how to debug the hack. All that is needed to take over the camera is the administrator’s password. The hack allows one to change the admin password without knowing the original password. By bypassing the password reset process, the camera can be accessed and used by a false administrator located thousands of miles away — or across the street from your home.

Exploitee.rs has created an entire webpage devoted to the Samsung SmartCam and its vulnerabilities. A word to the wise: before you entrust your home’s security to a camera, be sure that the camera itself is secure.

The legal implications of security vulnerability are only beginning to emerge. The Internet of Things is a game-changer in terms of challenging people’s privacy. The law needs to catch up with technology or bad actors will be free to harm our society.

Cyberliability and Privacy Issues in the Food and Beverage Industry

By Paul Rubell November 2, 2018
Cyberliability and privacy are very important to the food, beverage and hospitality industries. Today the industry faces many 21st century risks. Paul Rubell addresses these risks.

Europe Can Regulate Your Company's Facebook Page

By Paul Rubell July 16, 2018
by Paul Rubell, Esq. Every company in the world that has a Facebook social media page may be subject to the European Union’s newly-enacted GDRP (General Data Protection Regulation) and the chokehold of EU law enforcement. Many businesses wrongly believe they are not collecting personal data via their Facebook pages but that is likely not […]

USA indicts the Chinese hacker who breached Anthem’s website

By Paul Rubell August 30, 2017
  by Paul Rubell, Esq. A 36-year old Chinese national from Shanghai has been indicted by a federal court in California for transmitting malicious software tools to companies located in the United States. Yu Pingan was arrested on August 27, 2017 when he arrived in the United States to attend a conference.  Pingan used the online pseudonym […]

Are violent selfies protected by the Constitution?

By Paul Rubell April 29, 2017
Taking videos is a form of expression that is guaranteed by the Bill of Rights. However, even free speech has constitutional limits. For instance, if you shout "fire" in a crowded theater, you can be arrested and the 1st Amendment will not protect you.

Not best practices: Apple’s iCloud is neither private nor secure

By Paul Rubell April 17, 2017
by Paul Rubell, Esq. Can your business survive a massive data breach? If your business stores, backs up or syncs its data to the cyber cloud, take note. Apple’s iCloud is currently the subject of ransomware. As you will read, the moral to this article is that confidential business data, trade secrets, customer lists and […]

Best practice to keep your trade secrets private: avoid Password Managers

By Paul Rubell April 17, 2017
by Paul Rubell, Esq. Information is the currency of 2017. For this reason it is mission-critical to keep data currency safe, secure and private. Just as gold bricks should be stored in a physical safe, data needs to be kept secret electronically. Passwords are the key to enter the digital vault. Strong passwords are designed […]

Twitter says hello to hacking; Users say goodbye to privacy

By Paul Rubell March 16, 2017
Enjoy my newest article. You can read more on my blog at paulrubellblog.wordpress.com.

Awaiting the President’s Cybersecurity Executive Order

By Paul Rubell March 13, 2017
by Paul Rubell, Esq. Witness today’s risks of cyber crime.  Hackers, bad actors and foreign governments have long had the ability to assault our Nation. Current events have opened citizens’ eyes to the reality of the cyber threat. It is remarkable how the public has either forgotten or turned a blind eye to well-known security […]

Net Neutrality is No More

By Paul Rubell March 3, 2017
By Paul Rubell, Esq. Internet users have been suddenly stripped of an important source of privacy protection.  On March 1, 2017, the Federal Trade Commission (FTC) and Federal Communications Commission (FCC) abruptly suspended the net neutrality rules that had been scheduled to go into effect on March 2nd.  Internet users in the United States have […]

Cross-Browser Tracking: It’s time to update your Privacy Policy!

By Paul Rubell February 16, 2017
by Paul Rubell, Esq. It is remarkable that many companies do not know the vastness of private information they obtain from their social media and website.  It is essential for every business to understand its legal responsibility to protect their customers’ personal information. OLD NEWS:  Web browsers can follow your voyage through the Internet. Firefox, Internet […]
More Posts