[LINK] Security cameras can tell burglars when you're not home, study shows

Paul Brooks pbrooks-link at layer10.com.au
Sat Jul 11 11:51:21 AEST 2020


On 9/07/2020 10:25 am, Bernard Robertson-Dunn wrote:
> The risk is that "someone who is specifically targeting an individual
> household rocks up outside with a device to try and start passively
> monitoring traffic," he said.
>
> Tyson told CNN that an attacker would require a decent level of
> technical knowledge to monitor the data themselves, but there is a
> chance that someone could develop a program that does so and sell it
> online.

Which is to say - minimal to no risk. For this to be an issue, an attacker would have
to be in a position to observe and measure a household's upstream bandwidth use. And
be able to separate out and distinguish outbound traffic from cameras from outbound
traffic from computer backups, pool monitors, solar power systems, checks for firmware
updates from the other 10 - 40 devices in a house that do such things regularly even
when nobody is home.

For a fixed-line connection, this would be devilishly difficult, since the datastream
typically consists of idle frames between data frames, so anyone viewing the line
activity passively will see just a constant stream of bits regardless of variations in
'good data' - they would have to be tapped in to the line, and be decoding the data,
to tell what is video and what is not, and if they have that level of access to your
packets, video camera activity levels are the least of your problems.

For a wireless connection, they would somehow have to detect variations in
transmission duty-cycles, which is credible - but still be able to separate out camera
traffic from all the other outbound traffic 'background noise'.

This risk needs to be compared against the consequences of not incurring the risk -
the level of risk of a house or garage being burgled or vandalised, and the value of
being able to hand over the video-feed to the police to assist in finding the
perpetrators. Personally, I lean towards the latter.

It also needs to be compared to the risk of someone 'rocked up outside' just observing
people and car movements, and working out when all the people have left by observing
them leave and use of a pencil and notepad.

And of course - if they do break in - there are security cameras, but this attack
vector doesn't reveal the locations of the cameras, so a burgler is likely to be
captured by the system they detected was there!

Countermeasures include making sure the detection threshold includes pets moving
around, and having several pets, to make the cameras activate irregularly but often
even when no humans are home.

OTOH, smart security cameras that just transmit on motion detection do have benefits
in saving of bandwidth, saving of memory chip storage, and savings on power usage -
there are battery-operated cameras where the battery lasts up to a year, and so don't
need any form of power or other form of cabling to install, saving significant cost in
installation. They achieve the long battery life by  only keeping/storing snippets
when motion is detected, if they kept transmitting continuously the batteries would
run out and need to be replaced monthly. No cabling required at all, just screw to a
wall at a suitable place, and change the battery when you change the smoke detectors
batteries for convenience. The value of such systems vastly overrrides the risk of
this issue as a credible pathway to loss.

P.




More information about the Link mailing list