Imagine sitting at home, watching television, playing with your kids or settling in for a night’s sleep. Seems utterly routine, right? More so if you have a residential security system, which you assume is providing an added layer of protection for you and your loved ones.
Now imagine carrying out those mundane activities while being watched the entire time by a stranger. That was the terrifying realization for a Saskatoon woman who learned that—unbeknownst to her—another client of the home monitoring company she used to protect her house was, in fact, able to view her every movement using the client’s own system login details.
“We could have easily been broken into or harmed if this had been in the wrong hands,” the customer, Shelan Faith, told CBC news.
So, how was Faith’s home security system breached? Not through the efforts of an experienced hacker, it turns out. The U.S.-based security firm that installed the system told Faith that the mishap was the result of “… a human installation error in connecting to the wrong email address.” It turns out another customer was able to access her in-home camera and approached the company to inform them of the mix-up, but to no avail.
That customer then proceeded to write a letter to Faith explaining that she had full access to the cameras in her home and provided details of activities she’d witnessed to verify that the letter wasn’t some kind of elaborate hoax. Faith, terrified by the details outlined in the letter, yet relieved that the author wasn’t acting nefariously when trying to inform her of the problem, contacted the security firm who tried to bill her thousands of dollars to cancel her security contract.
After the story broke in the media, the firm agreed to waive those charges and proceeded to cancel Faith’s home monitoring contract free of charge.
The sensational details of this story aside, it’s important to remember that this kind of error is very rare in our industry. But it underscores the vigilance with which customers should vet prospective home monitoring companies, and the threats posed by individuals who do, in fact, attempt to hack security systems.
Buyer beware
When contracting a security firm to protect your home, always research their reputation through word of mouth, online ratings websites or a simple, quick Google search to develop an understanding of its customer service reputation. Once you engage directly with the firm, be prepared to ask tough questions: How sophisticated are their home monitoring systems? Some security camera equipment lacks any type of security software, which can explain why some products cost hundreds of dollars less than other, more reputable systems on the market.
Another major question: Is the security firm reputable, or is it someone who shows up at your door and tells you that they can install a camera or security system in your house? Are their passwords and systems encrypted? How do they ensure that situations such as the one that affected Faith don’t happen to their customers? Do they have an in-house tech team, or do they outsource key functions, such as installation, to a third-party? These are all key queries.
While every customer should search for a great deal on their home security systems, remember the old adage that if it’s too good to be true, it probably is. Companies that offer bargain-basement rates are likely to provide shoddy service—or balk at cancelling service agreements or refuse to address glaring issues when errors (which happen to be their fault!) become obvious. That doesn’t mean you should overpay for home security, but do be aware that not all service providers are created equally.
Changing passwords
Most advanced home security systems nowadays are effectively plug-and-play—that is, once they’re installed, they require very little input from homeowners, except to arm and disarm when away from the house.
But as with any encrypted device, it does require one important step: changing the system’s factory password setting, assuming the technician who installs the system hasn’t already made that crucial change themselves. Why? Thieves are extremely clever and resourceful. As we’ve seen in cases where devices such as mobile phones are hacked, professionals have proven adept at gaining access to factory passwords and using them to break into security systems, rob a property and be gone before a property owner knows what’s happened.
The same individuals also have expertise in hacking systems outright, even without passwords. Working with a reputable service provider who uses the most advanced equipment available—e.g., one that ensures its software is regularly or automatically updated—is one way to mitigate this risk. So, too, is being proactive and changing your password on a regular basis, whether or not you’re the victim of a break-in.
Simply pick a day each month and be sure to change those essential login details (and don’t share them with anyone but your spouse or family members) to reduce your risk.
This wouldn’t have helped in Faith’s case, but if nothing else, we can take a lesson from that unfortunate incident and remind ourselves that home security does, indeed, require a high degree of vigilance on the part of residents.
Winston Stewart, President and CEO
Wincon Security