Smart doorbells: one of the cleverest pieces of home security kit or a backdoor for hackers to gain access to your home network?
Video doorbells have many useful and practical features. Wireless connection lets you see and speak to anyone at your door before you open it. You can check the external boundaries of your property without getting up from your armchair. You can also watch your mailbox and anyone who tries to interfere with it. So, is the wireless link from your video doorbell to your smartphone all good then? Are there any nasty hidden surprises that might catch you off guard? Well, unfortunately the sad truth is there might be. Unless you take all the necessary precautions available to you, you may find that cheaper off-the-shelf video doorbells don’t do enough to stop bad actors infiltrating your network.
How can smart video doorbells get hacked?
The security of any inter-connected device like a video doorbell is dependent on the strength of its password.
The stronger and more randomised it is, the better.
The weaker it is, the easier it will be for hackers to get access to your devices and home network.
If you rely on the regulation ‘123456’ or variations on your name and initials for your default password, it will take a seasoned criminal with password spamming software just seconds to break it.
Once that happens, you’re in big trouble.
You’d be surprised how many people set up their devices this way. Many will rely on the factory settings for the password, whilst others will stick with their original choice and not make any attempt to update it.
These are big mistakes. Change your password, and username if necessary, often: do not wait until you get a reminder to do so. By then it will be too late.
Whenever you use a smart device, data from that device moves in parcels to data centres all over the world. That’s why it’s imperative that this data needs to be encrypted or scrambled to stop unwanted eyes looking at your information and being able to see your password.
Most devices will use encrypted data, but this isn’t true for all. Generally, the more you pay for a product, the greater security and peace of mind you’ll get.
If you buy the cheapest video doorbell, then there’s every chance that any data it sends may well be sent unencrypted and that vulnerability means that not only will potential hackers be able to see your device password, but also your wi-fi password.
Full device takeover
If you’re unlucky you could find that not only do hackers manage to get access to your video doorbell, but in a worst-case scenario, they could completely take it over. If full device takeover happens then hackers at best could interfere with your device and make it ring in the middle of the night or adjust the volume up or down; at worst, other devices and security controlled by your home network. That potential is the scary part.
What threats could you face from a hacked video doorbell?
The biggest threat most homeowners face is being unaware their privacy and security have been breached until it’s already happened. By then, of course, it’s too late as the damage has been done.
But to be in a position where you can take steps to ensure your smart doorbell and home security devices are safe and secure, you need to know what potential problems and threats you might face if you fail to act if you are a victim of hacking. Here are a few for starters:
If someone hacks your video doorbell you might find your doorbell ringing at sorts of hours in the night. Granted this might only be annoying for most people, but if you’re elderly this interference can be frightening. The more serious consequence of ceding full device control to unscrupulous hackers are security concerns.
Intruders will have full access to your security recordings and have insider knowledge about your daily habits and routines. They’ll also know when your home is empty. This leaves you and your home vulnerable and at risk.
Exploitation of the home network
A video doorbell is not only a point of entry into your home: a hacked video doorbell is a point of entry into your entire home network. You might not have given it much thought but think of all the connected devices in your home that might contain personal and private information – devices like TVs, laptops, tablets, and computers.
If you give a hacker unhindered access to your home network through lax video doorbell security, think of how much personal data an intruder could harvest. If that doesn’t prompt you to want to take precautions, then nothing will.
You might associate botnets with large scale attacks on institutions and multinational companies, but the scale and scope of this nefarious practice is far-reaching. Botnets function by harnessing the collective power of hundreds, even thousands, of devices: devices like hacked computers, laptops, tablets, and even smart devices like video doorbells.
They then use this collective power to launch wide-ranging and large-scale attacks of big businesses and companies. If your smart doorbell device has weak security settings, or if you haven’t bothered to take the necessary security precautions, your device could fall prey to such scams and be used to form part of the next botnet attack on a business.
What can you do to keep your video doorbell safe from hackers?
If you buy a cheap video doorbell, then the chances are that you are more likely to be susceptible to hackers who target devices with known security shortcomings. They do their homework, and they identify those devices which they know are weak or fallible.
Having said that, it doesn’t always follow that if you buy a more expensive smart doorbell your home security will be better protected. You need to check all the test reports before you commit to buying any smart device, but as a rule of thumb it’s fair to say the more you pay the better the quality of device you’ll get.
But are there things you can do to improve the security of your existing smart doorbell?
Can you make any improvements and tweaks which will avoid the need to spend the cash for a more expensive device?
Change the password
We’ve already covered this issue once, but it bears repeating. Changing the password on your smart device is one of the simplest yet most-effective ways of beefing up security.
Never rely on the default password that comes with the device: doing so is a recipe for disaster. Default passwords are weak and easy to hack. Aim for the most secure username and password you can come up with.
A combination of 3 random words is often secure and difficult to hack. Once you’ve done this, remember to change your password and don’t wait for prompting from your device.
Keep the software up to date
Software updates are often regarded as a nuisance, but they serve a worthwhile purpose. Most software updates are usually aimed at reinforcing the security of our devices rather than adding new features.
They are also often targeted at exploits that have been identified by the manufacturer or ethical hackers. If you receive a notification advising that a latest update is available, then download it as soon as possible.
Better still, turn on the auto-update if possible; or check for updates if you can’t. Also remember it’s not the device that might need an update: connected Apps on your smartphone might require them too. If updates are available on your smart devices, download them.
Use two-factor authentication
If you could put one hurdle in the way of a hacker, then we would suggest using two-factor authentication. As hurdles go it’s one of the biggest.
Two-factor authentication is an extra one-time-use password sent to you when you try to login. It’s sent to your phone so only you can see it – not the hacker – and once it’s used, you’ll need to request another to login again.
If in doubt, don’t use the device
If you buy a smart doorbell about which you have security concerns, then the smartest thing to do is not use it. You could take a chance with it of course, but is it worth the risk?
Delete unnecessary/unused footage
If you no longer need the footage recorded by your doorbell, then our advice is to delete it to free up more space for future recordings.
If you also subscribe to a video doorbell subscription service and store footage which you have little or no use for, then the advice is the same: delete it. It has no use.
If you decide to sell or scrap your video doorbell, then make sure you restore the device to factory settings before you do. This will ensure that all personal data has been deleted from the device. It might sound obvious, but many old devices still retain personal information, and this is like gold dust to hackers.