Home Security Camera Sends Video To Wrong User (bbc.com)
An anonymous reader quotes a report from the BBC: A leading security camera-maker has sent footage from inside a family's home to the wrong person's app. Swann Security has blamed a factory error for the data breach -- which was brought to its attention by the BBC -- and said it was a "one-off" incident. The BBC first learned of the problem on Saturday, when a member of its staff began receiving motion-triggered video clips from an unknown family's kitchen. Until that point, Louisa Lewis had only received footage from her own Swann security camera, which she had been using since December. The development coincided with Ms Lewis's camera running out of battery power and requiring a recharge. A Swann spokeswoman said that "human error" had caused two cameras to be manufactured that shared the same "bank-grade security key -- which secures all communications with its owner." "This occurred after the [family] connected the duplicate camera to their network and ignored the warning prompt that notified: 'Camera is already paired to an account' and left the camera running," she added.
A subtle attempt to shift blame to the people that bought this piece of (apparent) junk: "This occurred after the [family] connected the duplicate camera to their network and ignored the warning prompt that notified: 'Camera is already paired to an account' and left the camera running," she added.
'Camera is already paired to an account'? Could mean it's already been paired to my account and I'm trying to re-pair it. Could be a message indicating success – that you've paired it to the intended account. I'm sure the company will claim this message's meaning is crystal clear and that the people who bought it are partially to blame. I'm not buying that (the dodge or the webcam).
Another good cloud implementation. The video leaves the local network, goes to some server somewhere where anyone can access it, and then the server sends it to someone else. Of course, you COULD just store the video on the local SD card in the camera, but then it wouldn't be cloud enabled.
It's like the phrase "highly classified" - it means nothing. In the US something can be classified as confidential, secret or top-secret. There is no category "highly." So what is bank-grade? I mean, we're talking key size here, so just give us a number. And obviously the implementation is broken if human error can put the same key on different devices.
Is that like the "military-grade aluminum" Ford has been advertising as making their trucks out of now? Does that mean they were made out of recycled beer and coke cans picked up in military bases from Bagram to Bragg?
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Poor Programming and "DevOps" done by the team.
-Poor manufacturing quality control [ duplicate key ]
-Poor programming - duplicate key not detected
-Poor testing - duplicate keys should be rejected
-Poor security - duplicate keys should be revoked
-Poor quality App Testing
-Poor quality hardware/software integration - duplicate keys should be rejected by server, and a new key generated
I build my own security cam with a Raspberry Pi, a CSI camera, and an infrared detector, it cost less than $100. It mails me snaps of motion, and doesn't need "cloud" access. It also avoids all these problems above.
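The server-side checks listed in the comment above (detect, reject and revoke a duplicate key), sketched as an added example that is not part of the thread and not Swann's code. The class and method names are hypothetical, and it assumes the factory reports every serial/key pair to the server before the camera ships.

```python
import hashlib


class DuplicateKeyError(Exception):
    """The presented key is revoked or bound to a different serial."""


def fingerprint(key: bytes) -> str:
    # The registry stores a hash of the key, not the key itself.
    return hashlib.sha256(key).hexdigest()


class DeviceRegistry:  # hypothetical name, for illustration only
    def __init__(self):
        self.serial_by_fp = {}     # key fingerprint -> the one serial allowed to use it
        self.owner_by_serial = {}  # serial -> paired account
        self.revoked = set()       # fingerprints seen on more than one device

    def provision(self, serial: str, key: bytes) -> None:
        """Factory step: bind a key to exactly one serial number."""
        fp = fingerprint(key)
        bound = self.serial_by_fp.setdefault(fp, serial)
        if fp in self.revoked or bound != serial:
            # The key no longer identifies a single camera: revoke it for both.
            self.revoked.add(fp)
            raise DuplicateKeyError(f"key for {serial} already bound to {bound}")

    def _check(self, serial: str, key: bytes) -> None:
        fp = fingerprint(key)
        if fp in self.revoked or self.serial_by_fp.get(fp) != serial:
            raise DuplicateKeyError(f"key not valid for {serial}")

    def pair(self, serial: str, key: bytes, account: str) -> str:
        """Pair a camera to an account; an existing pairing is never overwritten."""
        self._check(serial, key)
        owner = self.owner_by_serial.setdefault(serial, account)
        if owner != account:
            raise PermissionError(f"{serial} is already paired to another account")
        return owner

    def route_clip(self, serial: str, key: bytes):
        """Return the account that receives a clip, or None to drop it."""
        try:
            self._check(serial, key)
        except DuplicateKeyError:
            return None
        return self.owner_by_serial.get(serial)
```

Once a second serial shows up with an already-bound key, clips from both cameras are dropped until each is re-keyed, so footage fails closed instead of reaching the first owner's app.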