An international study, undertaken by Dr Gareth Tyson, Senior Lecturer at Queen Mary University of London and the Chinese Academy of Science, has used data from a major home Internet Protocol (IP) security camera provider to evaluate potential privacy risks for users.
IP home security cameras are Internet-connected security cameras that can be installed in people’s homes and remotely monitored via the web. These cameras are growing in popularity and the global market is expected to reach $1.3 billion by 2023.
For the study, researchers tested if an attacker could infer privacy-compromising information about a camera's owner from simply tracking the uploaded data passively without inspecting any of the video content itself.
The findings, published at the IEEE International Conference on Computer Communications (6-9 July 2020), showed that the traffic generated by the cameras could be monitored by attackers and used to predict when a house is occupied or not.
The researchers even found that future activity in the house could be predicted based on past traffic generated by the camera, which could leave users more at risk of burglary by discovering when the house it unoccupied. They confirmed that attackers could detect when the camera was uploading motion, and even distinguish between certain types of motion, such as sitting or running. This was done without inspecting the video content itself but, instead, by looking at the rate at which cameras uploaded data via the Internet.
Dr Gareth Tyson, Senior Lecturer at Queen Mary University of London, said: “Once considered a luxury item, these cameras are now commonplace in homes worldwide. As they become more ubiquitous, it is important to continue to study their activities and potential privacy risks. Whilst numerous studies have looked at online video streaming, such as YouTube and Netflix, to the best of our knowledge, this is the first study which looks in detail at video streaming traffic generated by these cameras and quantifies the risks associated with them. By understanding these risks, we can now look to propose way to minimise the risks and protect user privacy.”