2

Background:

I have a google home and I plan to buy 1 or 2 cheap cameras to monitor my home when I'm not in it. I plan to have the camera connected to a wifi plug, so I can switch it off via the app over the internet. The google home device is not connected to any important device, except for a wifi bulb. Google home, the wifi plug and the cameras will be on the same wifi network. There will be no active laptop or computer on the network when the cameras are on.

Note:

I'm already aware that there can be a possibility of the camera having a backdoor or something, but it doesnt matter as I only plan on using it when I'm not at home.

Problem:

Is there any security vulnerabilities that can occur with the setup?
I'm mainly concerned about the cheap camera.

Nigel Fds
  • 453
  • 4
  • 11
  • 1
    Your setup is for me not fully clear. If I understand you correctly than all of these IoT devices are all connected to the same WiFi and all have connections to the internet. This by itself is probably less a problem for you personally but maybe for others, i.e. cheap cameras are often insecure and could be exploited to be part of a botnet. But the question is also if there are other important devices in the same network or are accessible from this possibly compromised network, like notebook or desktop computer, administrative interface of the router, printers ... – Steffen Ullrich Apr 10 '19 at 07:25
  • @SteffenUllrich there will be no active notebooks or computers on the network , also yes the question is more pertaining to the cheap camera .. also edited question – Nigel Fds Apr 10 '19 at 07:54
  • Depending on your specific setup there might be a difference between *"no active notebooks or computers __on the network__"* vs. *"... __or are accessible__ from this possibly compromised network"*. As for *"question is more pertaining to the cheap camera"* - as I said it can be exploited and be used to attack other systems. The risk is reduced if it is not always one but for the use case you propose it is likely that it will be active for longer periods - which should be enough to infect and misuse it. – Steffen Ullrich Apr 10 '19 at 07:58
  • @SteffenUllrich , so to rephrase .. the computers will be off when the cameras are on – Nigel Fds Apr 10 '19 at 23:32
  • 1
    I doubt that the router will be off since otherwise the cameras will not be able to reach the internet. So is the administrative interface of the router reachable by the cameras? In this case an attacker might try to take over the router which then affects all systems in the network, even your computes once you come back. – Steffen Ullrich Apr 11 '19 at 04:50

1 Answers1

0

There may be a lot of vulnerabilities in your setup:

As you plan to connect your devices with wifi, you open up at least for signal jamming. There are a lot of possibilities for a thief, like simply deauthenticate your cameras while he passes them (I expect the cameras not having an internal memory). Dependent on the wifi encryption it could also be (relative easily) possible to eavesdrop the communication between the devices.

You said you do not have other devices on the network. So you are planning to have a isolated wifi network? Or is this your regular home network? Dependent on that, there are a lot of additional vulnerabilities for your system. Every other device could be used as a target.

If you have an isolated wifi network, an adversary could also try to penetrate it. If you are not monitoring, you wouldn't even recognize that there's an intruder. When the intruder is in your network, it should be easy for him to manipulate data, inject new data or simply eavesdrop. He can target each layer of the protocol stack now, especially if your "cheap" cameras use bad crypto.

m4rc0
  • 1