Group Actions
Engagement
  • Author Author: shabaz
  • Date Created: Date Created
  • Views 1119 views
  • Likes 9 likes
  • Comments 10 comments
Related
Recommended

Swann cameras may be worth avoiding for a while..

shabaz

Rather shocking security issue, reported here:

https://www.bbc.com/news/technology-44628399

 

Long story short, users are seeing video captured from cameras they don't own.

Quite pathetic how come the system would allow such a situation to occur so easily - both the hardware and the software ought to have been designed to eliminate this possibility, from using guaranteed unique hardware keys (permanently burned in) to software developed and tested at a significant level commensurate to the high value of the data (i.e. the video) that was at risk if they got it wrong..

It's not as if security technologies do not exist. They exist, but in the reported system, on the face of it, maybe they were badly implemented or were not used at all.

Parents

  • This article about TappLock (was that mentioned here on e14 earlier?) seems to hit the nail on the head pretty good:

    https://blog.hackster.io/the-tapplock-a-typical-iot-problem-child-60dff98a0407

     

    In a nutshell:

    "There’s a great deal of pressure on startups to ship product..."

    "Prototypes, intended as nothing more than proof-of-concept, have an alarming tendency to ship as product."

    "Not thought about during the prototyping phase... security is often times bolted on top as an after thought, after the prototype has already become the product."

     

    It seems a lot of startups are designed for the short term.

    I've also noticed a lot of such places are using very junior talent who often don't think far enough ahead.

     

    -Nico

  • in reply to ntewinkel

    Although... Swann isn't a startup anymore, is it?

  • in reply to ntewinkel

    Hi Nico!

     

    Interesting product your startup makes.

     

    Regarding Swann, their website states they are a 'global leader' and have presence in 40+ countries. It's awful customer-handling too you say. Definitely a case-study of what not to do!

    I am considering upgrading our ancient (8-year old model) Panasonic IP security cam this year.. it's been reliable except the fan started to whine in winter time. It is only standard-definition so due an upgrade. Swann wasn't on the list to be honest.

  • in reply to shabaz

    Oh wow, when a  'global leader' has this kind of bugs, it makes you wonder whether we are heading for a tech collapse!

  • in reply to ntewinkel

    I think it's just a lack of respect for their customers with some of their most valuable data.

    Engineers have gone to the effort of developing suitable security chips and software technologies, and organisations like banks manage to prevent users having the same username, and securing bank records, using known well established methods, many of which are open source. Sure things can go wrong and there could be zero-day vulnerabilities, but what happened here was through ordinary use of the product and is just embarrassing. They possibly didn't invest in the hardware and software to ensure security, because they possibly didn't respect nor place a decent value on their customer's data.

Comment
  • in reply to ntewinkel

    I think it's just a lack of respect for their customers with some of their most valuable data.

    Engineers have gone to the effort of developing suitable security chips and software technologies, and organisations like banks manage to prevent users having the same username, and securing bank records, using known well established methods, many of which are open source. Sure things can go wrong and there could be zero-day vulnerabilities, but what happened here was through ordinary use of the product and is just embarrassing. They possibly didn't invest in the hardware and software to ensure security, because they possibly didn't respect nor place a decent value on their customer's data.

Children
No Data