I thought we said goodbye. When smart homes won’t let you and your ex go

About that shared account you thought you deleted when the honeymoon in your biometrically secured home ended….

A Florida Tech comp sci student named Blake Janes, has discovered flaws in network-connected doorbells and cameras that ignore your command and continue to give that persona non grata systems access.

According to a research paper published by Janes, 19 connected cameras and doorbells were tested, changing passwords or revoking permissions. Sixteen fell victim to authentication or access-control flaws that provided researchers with persistent access to the devices’ content.

Florida Tech said the compromised products were Blink Camera, Canary Camera, D-Link Camera, Geeni Mini Camera, Doorbell and Pan/Tilt Camera, Merkury Camera, Momentum Axel Camera, Nest Camera Current and Doorbell Current, NightOwl Doorbell, Ring Pro Doorbell Current and Standard Doorbell Current, SimpliSafe Camera and Doorbell and TP-Link Kasa Camera.

Researchers said the problem “largely” occurs because access changes are done in the cloud, not on the devices themselves.

The school has advised device owners to not wait for the vendors to fix their oversight. People should make sure they are running updated firmware. And after changing their password, people always should shut down and power up systems.

This could be a significant problem.

The consumer market for DIY standalone network security cameras is expected to grow rapidly, with facial recognition a key differentiator, according to a report last month. The market is expected to grow 80 percent, from $2 billion in 2019 to $3.6 billion in 2024.

Article Topics

access control  |  authentication  |  biometrics  |  cameras  |  IoT  |  smart homes