Swann Home Security Cam Sends Pics, Video to Wrong Users

By John Lister

A home security camera user was shocked to receive video from another user when she used a mobile app. The manufacturers say it's a one-off incident caused by human error.

According to the BBC, Louisa Lewis has used her security camera since December. The set-up means that when the camera's motion sensor is triggered, it makes a recording and sends an alert to her mobile phone, complete with a clip. (Source: bbc.co.uk)

However, last week she began receiving clips from another family's camera instead. After a string of alerts, she contacted the manufacturers. They later stopped the clips being sent to the wrong person.

Duplicate Security Key At Fault

The camera comes from Swann Communications, a European subsidiary of the American company Infinova Group. Swann says the problem was caused by human error during manufacturing that meant two cameras were made carrying the same security key. This encryption key, which Swann describes as 'bank-grade', is designed to secure the communications between the camera and the app.

The unexpected footage came from a family which had just bought a new camera. During set-up, it appears they would have seen an on-screen message saying "Camera is already paired to an account," but were able to ignore it and continue using the device.

Swann says it hasn't been able to locate the new camera's owners, but says that no footage has been seen by anyone else.
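The two controls this account points to, sketched as an added example (not code from Swann or from the article): a factory-side audit that flags any key written to more than one unit, and a server-side pairing step that refuses a key already bound to another account instead of showing a warning the user can skip. It assumes the service identifies a camera by its key; the serial numbers, account names and keys are constructed sample values.

```python
import hashlib
from collections import defaultdict


def fingerprint(key: bytes) -> str:
    """Store and compare a SHA-256 fingerprint, never the raw key."""
    return hashlib.sha256(key).hexdigest()


def duplicate_keys(provisioned):
    """Factory-side audit: {fingerprint: [serials]} for any key on more than one unit."""
    by_fp = defaultdict(list)
    for serial, key in provisioned:
        by_fp[fingerprint(key)].append(serial)
    return {fp: serials for fp, serials in by_fp.items() if len(serials) > 1}


class PairingConflict(Exception):
    """Raised when a device key is already bound to a different account."""


class PairingRegistry:
    def __init__(self):
        self._owner = {}  # key fingerprint -> account id

    def pair(self, account_id: str, key: bytes) -> None:
        # Re-pairing by the same account is allowed; any other account is refused.
        owner = self._owner.setdefault(fingerprint(key), account_id)
        if owner != account_id:
            # Hard failure: the client is given no way to continue past this.
            raise PairingConflict("camera is already paired to an account")

    def recipient(self, key: bytes):
        """Account bound to this key, or None if the key is unpaired."""
        return self._owner.get(fingerprint(key))


# Constructed sample data: two units that left the factory with the same key.
SAMPLE_UNITS = [
    ("SN-0001", bytes.fromhex("aa" * 16)),
    ("SN-0002", bytes.fromhex("bb" * 16)),
    ("SN-0003", bytes.fromhex("aa" * 16)),
]

if __name__ == "__main__":
    print(duplicate_keys(SAMPLE_UNITS))
    reg = PairingRegistry()
    reg.pair("account-A", SAMPLE_UNITS[0][1])
    try:
        reg.pair("account-B", SAMPLE_UNITS[2][1])
    except PairingConflict as exc:
        print("rejected:", exc)
```

The pairing check only blocks set-up of the second unit; the key alone still cannot tell the two cameras apart, which is why the duplicate has to be caught at provisioning.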

Not The First Such Case

The BBC investigated further and found a previous incident in which a family started seeing clips from a public house (a bar) rather than the footage from their own camera. In that case Swann is said to have blamed it on both users creating the exact same username and password. The BBC says that doesn't appear to have happened and notes that this shouldn't have caused such a breach anyway.

At the time of writing, Swann had not addressed the incidents on its own site. It says there that its products are "designed with a goal to make the latest security solutions accessible, affordable and easy to use." (Source: swann.com)

What's Your Opinion?

Do the explanations for the breaches make sense to you? Would it be better if this was a case of human error rather than a more serious flaw? Do such cases put you off 'smart home security' or are they too rare to worry about?


Comments

Dennis Faas

I don't buy this argument one bit! Unless the app developers are incredibly stupid, there is absolutely no way a duplicate username and password would be allowed to be created on the system.

Checking for a duplicate username would be the first thing done when creating an account; even so, a duplicate password on another account would not matter. When the user account is created, the user name would not have been the primary key in the database - it should have been assigned a unique user ID (hashed) which cannot ever be duplicated (because the hash ID is created by time and day, plus the user name), and that should have been paired with the camera. The camera SHOULD have been given a unique device ID in the same manner - by time, by day, by camera number.

Also, for the company to claim that feeds were crossed due to the EXACT username AND password being used is a statistical anomaly (besides the fact that it should have never been allowed in the first place). I call BS!

I would NEVER trust this company after reading their official response to this mess.

Focused100

Hi Dennis,

I ask every camera/security vendor if their passwords are hard coded and call them on it every time.
In the UK scenario, even IF the user and pass were the same, the PHONE was different, which should have been another tipoff to the vendor that something was amiss.