CR’s digital privacy and security experts offer their best advice for protecting your privacy
By Daniel Wroclawski
Smart security cameras are a great tool for keeping an eye on your home, whether for package deliveries, critters rummaging through your garbage cans, or intruders snooping around your house. But their “all-seeing” abilities can also be co-opted by hackers to spy on you via the internet. No wonder, then, that according to the 2021 Statista Global Consumer Survey, 28 percent of U.S. respondents worried that people could spy on them through their smart home devices.
News articles about home security cameras getting hacked have become all too common. You may recall a story from January 2019, which went viral, about a California family’s Nest security camera being hacked to play fake warning messages that North Korea had launched missiles at the U.S. According to the Mercury News, the family’s 8-year-old son was so scared he hid under the living room rug. It was only after calls to 911 and Nest that the frightened family realized they were victims of a hack.
Nest (now known as Google Nest) sent an email to its customers offering tips on how they can protect themselves, but the company itself wasn’t breached. Similar hacking incidents were reported with Ring cameras in December 2019, with one of the most chilling incidents involving a hacker talking to a little girl through the camera in her bedroom. Like Nest, Amazon-owned Ring said at the time that its systems also hadn’t been breached. But reports of these incidents continue, with one as recently as April 2022. In all these cases, it’s suspected that hackers got the log-in credentials to accounts by other means.
How Hacks Happen
One way security cameras are vulnerable to hacks is through a technique called “credential stuffing.” Hackers use usernames and passwords from other data breaches (that other hackers share online) to gain access to accounts. The combination of large data breaches, such as those at Equifax and Target, and consumers reusing the same passwords—52 percent of internet users reuse or modify the same passwords—make the work easy. In recent years hackers have made the log-in credentials for over 11.7 billion online accounts available on the internet.
This type of hack doesn’t require the breach of a security camera company’s system, so every brand is at risk. “These companies aren’t technically at fault,” says Fred Garcia, who oversees CR’s privacy and security testing for home security cameras. “Most companies offer a two-factor authentication system that acts as an extra deterrent against attacks like this. But there is more that these companies could do, like encouraging people to use that added security feature by default.”
How to Protect Yourself
Data breaches and subsequent credential-stuffing attacks won’t be going away anytime soon, but there are simple steps you can take to reduce the chances that your security camera will be hacked.
1. Keep Your Camera’s Firmware Up to Date
Manufacturers that are serious about protecting their cameras will routinely release firmware updates that fix software bugs and patch security vulnerabilities. Some cameras will automatically download and install these updates, while others require that you check for them on your own. (You’ll usually find an update button under the Settings menu in your camera’s app.)
2. Change Your Camera’s Password
In a nationally representative CR survey of 1,006 U.S. adults on data privacy conducted in May 2019, 13 percent of Americans with at least one online account said they used the same password for all their accounts. That makes it a cinch for hackers to gain access to multiple accounts. Always create a unique password for each account. Here’s the best way.
Do: Use something long and complex—like a random phrase or string of characters—with numbers, symbols, and uppercase and lowercase letters.
Don’t: Include any personally identifiable information, such as names, birthdates, etc. Hackers can often get this information from public social media profiles, such as those on Facebook and Instagram, and then use it to guess your passwords and gain access to your accounts. You also want to avoid simple, commonly used passwords, such as Nordpass’s 200 Most Common Passwords. For more tips on strengthening your passwords, read our tips for better passwords.
3. Set Up a Password Manager
These programs generate incredibly strong, random passwords for your digital accounts, securely store and remember them for you, and even automatically insert them into log-in prompts. Many password managers are free to use and available on an array of devices and web browsers.
4. Set Up Two-Factor Authentication
This is an extra layer of security. You opt to have your security camera company send you a single-use passcode via a text message, phone call, email, or authentication app that you use in addition to your username and password when you log in to the account. That way, if hackers crack your password, they still won’t be able to access your camera unless they also gain access to your passcode.
Many camera companies now offer two-factor authentication, and some even require you to use it, but there are still holdouts. That’s why we note whether cameras and doorbells offer two-factor authentication in our home security camera ratings.
All these methods can improve your chances of avoiding a hack, but they’re not foolproof. “None of these methods will work perfectly on their own,” Garcia says. “But right now, these measures are our best tools. Use them all!”
Top Cameras With Two-Factor Authentication
Consumer Reports conducts data privacy and security tests on wireless security cameras to help you find models that are as secure as possible. Cameras that include two-factor authentication receive a higher score. Our experts also inspect the user interface and network traffic from each camera and its companion smartphone app to make sure it’s using encryption, adhering to manufacturer policies, and not sharing your data. We evaluate each model’s public documentation (such as privacy policies) to see what claims the manufacturer makes about the way it handles your data.
Below are a few cameras that do well in our data privacy and security tests and offer the extra security of two-factor authentication. They’re listed in alphabetical order by brand.
Google Nest Cam Indoor NC1102ES
CR’s take: The Google Nest Cam Indoor offers strong data security and quick response speed for alerts, but it really shines in our video quality test, receiving an Excellent rating. The only downsides? The camera could have better data privacy, and it offers no free video storage—just 3 hours of still snapshots. However, it does play nice with Amazon Alexa and Google Assistant. With a Nest Aware subscription, you’ll get either 30 or 60 days of cloud storage for motion-triggered video clips, depending on the plan; intelligent sound detection; dog-barking alerts; person alerts; monitoring zones; and e911 to call your home’s 911 dispatcher regardless of your physical location. If you have the $12-per-month plan, you’ll also get 10 days of 24/7 continuous video recordings.
Note: Google has released a new Nest Cam (indoor, wired) and Nest Cam (battery), which can be used indoors or outdoors. They cost $100 and $180, respectively, and both feature 3 hours of free cloud video storage and built-in artificial intelligence to recognize and alert you to people, animals, and vehicles. Both models perform well in our tests, but not as well as the older Nest Cam Indoor.
Lorex 2K Pan-Tilt WiFi W462AQC-E
CR’s take: The Lorex 2K Pan-Tilt WiFi W462AQC-E is a CR Best Buy pick, thanks to its winning combination of solid performance and a relatively low price. It scores well in just about every test, with an Excellent rating for video quality. Its only weak spot is its middling data privacy, but that’s common among most of the top-rated security cameras in our ratings. This Lorex camera’s features include motorized pan-and-tilt so you can remotely move the camera to change its view (handy for large rooms or open floor plans); free video storage; thanks to its included 16-gigabyte microSD card; person detection; monitoring zones; and voice control via Amazon Alexa and Google Assistant.
Ring Stick Up Cam (Battery) 3rd gen
CR’s take: The third-generation Ring Stick Up Cam (Battery) is one of your best options if you’re on a budget. At $100, this camera works both indoors and outdoors and gives you person detection, monitoring zones, voice control via Amazon Alexa, and alert schedules so that you can silence alerts at certain times of day. In our tests, this Ring camera receives strong scores for video quality and response time, as well as a Very Good rating for data security. If you subscribe to a Ring Protect Plan, you’ll get a rolling 60 days of motion-triggered video clips and photo snapshots between recordings.
Passwords & Firmware 101
Online privacy and security are huge issues facing a lot of people today. On the “Consumer 101” TV show, Consumer Reports expert Maria Rerecich explains why it’s not just phones and computers that people should be concerned about.
Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2022, Consumer Reports, Inc.