Keeping your home security cameras safe from hackers is an essential step if you’re going to bring these recording devices into your home. If you can access your camera over the internet, someone else theoretically can access or “hack” it as well. Thankfully, there are some simple steps you can take to protect your security cameras from hacking so you don’t need to sacrifice the benefits of having a surveillance camera protecting your home over fears that your personal moments will be shared on the internet in high definition video.
To keep your cameras safe from hackers:
- Choose a router with Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2) security, which encrypts your data.
- Enable your cameras’ built-in firewall, which monitors and controls information coming to and from the camera. Instructions for doing so will be included with your cameras.
- Protect your cameras with a strong password. If your cameras come with default passwords, change them immediately.
- Protect your Wi-Fi router with a strong password (different from the ones for your cameras).
- Turn on two-factor authentication if it’s offered. (All the home security camera companies in our ratings require two-factor authentication.)
- Keep your camera’s firmware up to date.
- Use your cameras’ geofencing capabilities to turn them off when you’re home. Instructions for doing so will be included with your cameras.
Can Home Security Cameras be Hacked?
Any device connected to the internet can be hacked, and that includes home security cameras. Wired cameras are less vulnerable than Wi-Fi cameras, and those with local storage are less vulnerable than cameras that store video on a cloud-based server. However, all cameras can be hacked. This could allow someone to watch you, listen to you, and record your activities without your knowledge. They also potentially could access any other devices on your home networks, such as your computer or smartphone.
“All security cameras are vulnerable,” says Arup Mukherjee, a software engineer for 25 years and founder of Camect, a smart network video recorder designed to make security cameras more secure. “The brand of camera and how it is set up on the network are the most important risk factors. Some manufacturers are more security-conscious than others, and most of the risk of having a home security camera can be mitigated if you take appropriate precautions on your network.”
Most home security camera hacks aren’t the fault of the camera company. They usually happen because homeowners used the same password on another site and that database was breached, or because they didn’t change the default password on the camera when they bought it. This is what Ring alleges happened in the well-publicized case of the Ring camera in a young girl’s bedroom that was hacked.
Sometimes, however, it is the manufacturer’s fault. Cloud-based security cameras store their footage on a server, and hackers can attempt to infiltrate those systems to access that footage directly. They’re more likely to succeed if the camera company doesn’t implement good security practices. “Some cameras work with a cloud service and send all of your video data to the cloud,” Mukherjee says. “This type of camera is also vulnerable to hacking of the cloud service or theft of your video data from your cloud service, even if the hackers cannot directly connect to the cameras on your home network.”
This is why you should only purchase security cameras from well-known companies. “Look for a brand that’s been around for years and that you know and that has as many positive reviews as possible,” says Jordan Frankel, vice president of security consulting firm Global Security Experts Inc. You don’t want to leave the security of your camera footage in the hands of a company you don’t trust. In that case, it doesn’t matter how strong the password of your Wi-Fi router is. “They have access to see your footage because it’s on their servers,” Frankel says.
Setting strong, unique passwords is hard, and coming up with a new one for every service you use is virtually impossible. But you should never reuse passwords, as this is how most home security cameras get hacked. More than 65 million passwords have been accessed by hackers due to company data breaches at large organizations such as Equifax, Marriott, and Capital One and published on the web for anyone to see. So, if you use the same password for evite.com as you do for your home security camera, you’re making yourself vulnerable. (If you want to see if your email address or passwords have been exposed, visit Have I Been Pwned.)
The easiest way to set strong passwords is to use a password manager that generates long, strong passwords for you, which you never have to remember. Well-known, trusted password managers include 1Password and LastPass. These companies have apps and browser extensions you can use to generate new passwords, store them, and then fill them in on your smartphone, computer, or tablet when needed.
An alternative is to write your passwords down in a physical notebook (not in a Word file or Google spreadsheet, which can also be hacked). If you go this route, you’ll need to create your own passwords. The Electronic Frontier Foundation suggests using a set of dice and a list of at least six words to create a strong password phrase. A passphrase is a password made up of a string of words instead of random characters and is therefore much longer than most passwords. The longer a password is, the harder it is to guess. Even though random characters and symbols may seem more secure, shorter passwords are more easily guessable by computer programs than longer ones.
A good password should:
- Be long (a minimum of 12 characters, although longer is better)
- Use a combination of numbers, symbols, and upper and lower case letters
- Never use personally identifiable information, such as a street you live on, your birthday, or your email address
- Never be reused
- Contain dictionary words as long as they don’t make sense (HasteStarryHelpRainBowBurnImp instead of CatInTheHat)
How Often Should I Change My Passwords?
If you have long, strong, secure passwords, changing them once a year is probably sufficient. Research has shown that being forced to change your passwords often actually makes people use weaker passwords. The National Institute of Standards and Technology changed its guidelines in 2017 to recommend that people not be required to change their passwords as frequently. But you should change your password if any of the following happen:
- A service you use informs you of a security breach.
- You suspect someone has attempted to access your account.
- You find malware, ransomware, or other unauthorized software on one of your devices.
- You logged into an account while using a public computer or while using an unsecured public Wi-Fi hotspot, such as at an airport or library.
Also known as two-step verification or 2FA, two-factor authentication is a security measure that verifies your identity by using an additional layer of security in addition to your password. This usually involves a separate device or second piece of information (often a one-time generated code) that you have to activate or enter before you can get into your account. The benefit of 2FA is that even if someone obtains or guesses your password, they still won’t be able to access your account.
When you set up 2FA on your account, you’ll be asked if you want a text message, phone call, or email to deliver these one-time codes. Alternatively, you can use an authenticator app. This is the safest method because hackers theoretically can intercept your text messages, phone calls, and emails). However, all of these methods are far better than not having 2FA set up at all.
To set up two-factor authentication with an authenticator app, follow these steps:
- Download an Authenticator app such as Authy or Google Authenticator.
- Open the account you want to secure.
- Go to Settings and look for the Security and Privacy section.
- Select “Set Up Two Factor Authentication” and follow the steps to secure your account.
- Open your authenticator app and scan the QR code provided or enter the details provided by the account you are setting up to connect it to the app.
The app will now ask for a one-time authentication code every time you log in, which you can retrieve from your authentication app by simply copying and pasting. If the app doesn’t offer the option of using an authenticator app choose text message, email or a phone call to receive your code.
Updating Your Cameras’ Firmware
Firmware is the software that runs your cameras. “Every security camera is a computer, just like your smartphone is a computer,” Mukherjee says. “The software on these cameras needs to be updated periodically with security updates to ensure that hackers cannot access your camera. Unfortunately, many cameras don’t get automatic software updates and can become vulnerable to hacking as people discover security holes. As a result, be sure to check for firmware updates periodically in the “Settings” section of your cameras’ mobile app. If a new version of the firmware is available, there will be an option to download and install it.
It’s always advisable not to put indoor cameras in bedrooms, bathrooms, or other explicitly private spaces. If you’re really afraid of being watched, unplug or physically cover the camera when you’re home. Consider opting for a camera that gives a physical indication when it is recording or in live view mode so that you can always tell at a glance if someone is watching.
If you are concerned that someone might use your wireless security cameras to exploit a vulnerability in your home network and gain access to other devices such as personal computers, consider setting up a separate network with a separate router for your cameras. “Where the camera network connects to your main network (e.g. at your router) set up rules to ensure that no unexpected communication can occur between your cameras and other devices on your home network, or between your cameras and unknown destinations on the internet,” Mukherjee says.
How U.S. News Evaluated Home Security Cameras
We explain what matters most to consumers, experts, and professional reviewers when it comes to home security cameras. Then we provide an unbiased evaluation of the cameras available at the time of review. Our goal is to empower consumers with the information and tools they need to make informed decisions. More information about our 360 Reviews methodology for evaluating home security cameras is here.
U.S. News 360 Reviews takes an unbiased approach to our recommendations. When you use our links to buy products, we may earn a commission but that in no way affects our editorial independence.
Dennis has been a professional security consultant space based out of Chapel Hill for over 15 years. His experience runs the gamut between government and private organizations (specifically in the finance and insurance sector) with a specialty in consulting for executive and high-value protection surrounding Kidnap and Ransom mitigation.