Which IP Camera App Out There Is Most Secure?

By Bill Toulas / September 24, 2020

Avast has tested ten of the most popular IP camera apps on the market and evaluated the “account security” of each. Thanks to the massive popularity of IP cameras today, each of the tested apps has many millions of users.

Thus, any security or privacy flaw in them has dire consequences for a large number of people. We have previously presented problems in TP-Link cams, the Wyze Labs infrastructure, Ring camera security, and the Xiaomi camera feed mixup. Clearly, the field isn’t free of problems, and it couldn’t be. But which one is the most secure and trustworthy?

The apps that were tested by Avast’s researcher Marko Zbirka are the following ten:

The points that determine which app is secure and which one isn’t have to do with the existence of one-time passwords, brute force protection against password cracking attempts, generating notifications upon a new device connection, and any password-setting restrictions that are in place. Additionally, the researcher checked if the data traffic between the app and the vendor’s server is encrypted and whether a strong encryption scheme was used.

| Name of IP Camera App | # of app downloads (Google Play) | One time password (OTP) | Brute force protection | New device notification | Password restrictions |
|---|---|---|---|---|---|
| Blink | 1M+ | Via email (only to add new device) | Yes | Yes (OTP required, sent per email) | None |
| Wyze | 1M+ | Text message/authentication app (user has to enter code to activate) | Yes (user not notified of attempts) | No | None |
| YI IOT | 100K+ | No | No | Yes (user receives notification with every new login) | Max length of 16 characters |
| YI Home | 1M+ | No | No | Yes (user receives notification with every new login) | Max length of 16 characters |
| Wansview Cloud | 100K+ | No | No | No | Max length of 16 characters |
| MIPC | 500K+ | No | No | No | None |
| Jawa | 50K+ | No | No | No | None |
| CloudEdge | 100K | No | No | No | Max length of 20 characters |
| Amcrest Cloud | 50K+ | No | No | No | None |
| iCSee | 1M+ | No | No | No | Max length of 32 characters |

One of the most positive findings of this small study was that all apps used some form of encryption for their communications with the server. Also, all of them obliged users to set a password to access their accounts, although not all of them demanded a strong one. As for OTPs, brute force protection, and device connection notifications, the results were mixed.

The two most secure apps were determined to be Blink and Wyze, although these weren’t perfect in every sense. Wyze could improve by enabling 2FA by default and sending failed login notifications to the account holder, not the hacker. Blink could get even better by forcing the user to select a strong password instead of “any” password.
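The account-side controls the study scored (brute force protection, failed-login and new-device notifications sent to the account holder, password rules) can be sketched server-side as follows. This is an added example, not code from Avast or any of the vendors; the thresholds, the `Account` class and the `outbox` list standing in for email/push delivery are all assumptions.

```python
import hashlib, hmac, os, time

MAX_FAILS = 5                  # assumed threshold before lockout
LOCK_SECONDS = 900             # assumed lockout window (15 minutes)
MIN_LEN, MAX_LEN = 12, 128     # assumed policy: real minimum, generous maximum

def password_ok(pw):
    """Enforce a minimum length; do not cap passwords at 16-32 characters."""
    return MIN_LEN <= len(pw) <= MAX_LEN

class Account:
    def __init__(self, password):
        if not password_ok(password):
            raise ValueError("password does not meet policy")
        self.salt = os.urandom(16)
        self.hash = self._kdf(password)
        self.fails = 0
        self.locked_until = 0.0
        self.known_devices = set()
        self.outbox = []       # messages for the account holder, never the client

    def _kdf(self, pw):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, 100_000)

    def login(self, password, device_id, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:            # brute force protection
            return "locked"
        if not hmac.compare_digest(self._kdf(password), self.hash):
            self.fails += 1
            if self.fails >= MAX_FAILS:
                self.locked_until = now + LOCK_SECONDS
                self.fails = 0
                # The owner is told about the attempts, out of band.
                self.outbox.append(
                    f"account locked after repeated failed logins from {device_id}")
            return "denied"
        self.fails = 0
        if device_id not in self.known_devices:  # new device notification
            self.known_devices.add(device_id)
            self.outbox.append(f"new device signed in: {device_id}")
        return "ok"
```

The caller only ever sees `ok`, `denied` or `locked`; the details of the failed attempts go to the account holder's channel.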

As for the least secure apps, there’s no point in drawing distinctions, since all of the other eight apps are more or less at the same level. What this tells us is that IoT security still has a long way to go, and is actually far behind where it should already be. Keep that in mind the next time you’re on the lookout for a new IP camera, and spend your money on the most secure product.


