Reminder: There’s No Such Thing as a Hack-Free Home Camera

Quick question: Would you consider “privacy” an important quality you value, in terms of the outside world having a bird’s eye view of what is going on in your home at any given time? Even quicker question: Do you own any home cameras, and are they inside your house? If the answer to both of those questions was any iteration of “yes,” then the resulting advice can only be, get that shit out of your home.

That’s the conclusion we’d like to believe any sane person would likely draw, reading this week’s absurd report from South Korea, where four people were arrested after allegedly hacking an astounding 120,000 separate commercial home video cameras stationed in houses and businesses. As if that level of breach isn’t inherently icky enough, several of the suspects then reportedly used the hacked material to make and then sell sexually explicit exploitation videos of strangers to foreign-based web networks that illegally distribute hacked, pornographic camera footage. Likewise incredible, in our opinion: The statement from South Korea’s National Police Agency states that the four arrested suspects were all operating independently of one another, merely via similar means, which makes this story that much worse–the hacks were not the result of one talented person recruiting others, but numerous people all successfully circumventing camera security, suggesting that this did not exactly require WarGames-style computer genius to pull off.

The BBC refers to the type of cameras hacked as Internet Protocol (IP) cameras, saying that police explained the suspects exploited “vulnerabilities such as simple passwords,” in camera locales that included everything from pilates studios, to bedrooms and bathrooms, to karaoke bars or even a gynaecologist’s office. The gaudy numbers involved particularly make this case stand out: One suspect is accused of hacking 63,000 cameras and selling 545 sexually explicit videos, while another hacked more than 70,000 cameras and sold 648 videos. It would be almost macabrely funny if it wasn’t so disgustingly invasive: Who exactly are all these folks positioning security cameras in their own bedrooms? Or perhaps a lot more Koreans are having sex in … unconventional … spaces of their homes than one might assume? Regardless, it seems safe to say that these aren’t videos taken from someone’s porch or front door, which hammers home the universal truth we should be reminded of when it comes to these products: There’s no such thing as a “private” camera, when an internet connection is involved. If there’s an internet-capable camera in your home, you can never say for certain who might be watching.

In the U.S., we’ve already been through several rounds of panicked headlines about this same eventuality, although on nowhere near the scale of this brand new report from South Korea. You might recall the anxiety that surrounded Amazon’s Ring cameras back in 2017-2019, when customers reported a spate of hacking attacks that waffled between largely invisible intrusions of privacy and video recording, to active threats and harassment of some customers–including children–who were targeted by hackers speaking directly to them through their cameras. As you can imagine, if you put an IP-enabled camera in your child’s bedroom, then you may be vulnerable to having your child suddenly propositioned or threatened by a stranger who has been digitally peering at them. In the wake of these headlines, Ring vowed to implement new security measures and retained its position as one of the market leaders in home camera technology … only to face a fresh complaint from the FTC in 2023, alleging that employees and contractors of the company were widely accessing customer videos without their knowledge, and using those videos to train algorithms among other things. These practices, which the complaint stated “led to egregious violations of users’ privacy,” ultimately led to a $5.6 million settlement with the FTC in 2024, which was distributed to more than 117,000 affected Ring customers. Surely now the security lapses have been fixed though, right?

There are of course numerous other, competing home camera and security services available in the U.S. and abroad, and it’s more or less impossible for the consumer to tell which of them could have vulnerabilities, especially if those consumers are not particularly tech savvy and don’t understand certain aspects of the underlying technology. The growth and ubiquity of home cameras as an industry and a home feature speaks to our ever-increasing feeling of need for control, whether we’re talking about helicopter parents obsessively watching their kids or paranoid Boomers who wax poetically about the good old days where “people didn’t lock their doors,” while simultaneously suspecting their neighbors of Satanist blood sacrifices. The FTC can offer these people a complex list of best practices to follow in order to secure their cameras and lessen the risk of privacy invasions, but such a checklist is simply indicative of the many individual phases in which this technology can go wrong or be circumvented. A far more practical solution is to simply keep internet-equipped cameras out of your home altogether. Want to use one attached to your doorbell? Fine, sure: It’s hard to imagine what the market will be on the dark web for the videos that hackers collect of your front porch. But anyone thinking about putting one of these devices in their kid’s bedroom should simply know better by this point.

Because in the end, responsibility for the outcomes of these invasions of privacy is always ultimately foisted upon the consumer, rather than borne by the manufacturer and operator. If someone circumvents your Ring camera and the result makes you feel unsafe in your own home, it’s not like Amazon is going to swoop in to rectify the situation or give you back your sense of autonomy. Look no further than the South Korea story, in which the National Police Agency closes by stressing that “individual users” are the ones who bear the need to protect themselves: “Above all, it is crucial and effective for individual users who have installed IP cameras in homes or business premises to remain vigilant and immediately and regularly change their access passwords.”

Should you have to constantly “remain vigilant” about the threat of being spied on by invisible strangers? Or should we choose to banish the digital peepholes that make such a thing possible?