Over the weekend, the security community heard rumors about a potential issue with the NETGEAR Internet of Things wireless security camera. A user reported to the privacy subreddit that after returning the device and not uninstalling the app or deleting an account, the user was still able to see camera footage from the new owner’s camera – a clear privacy breach. The user accuses NETGEAR of having poorly planned out processes for change of ownership scenarios. The reaction from the tech community lacked disbelief and sympathy. Many others reported similar issues with brands other than NETGEAR. In fact, there are websites that list all the world’s internet of things (IoT) cameras that are plugged in but not configured to keep the world out.

Companies Dive Headfirst into Internet of Things (IoT)

Companies are often eager to push forward with new technologies; they’ll push products and entire system processes out without thorough testing which often ends up resulting in disasters at the expense of the end user. Progress often comes at the expense of a few public relations disasters; following which, Congress comes in to dial things back.

Theoretically, NETGEAR can see all the video put up by all their surveillance cameras everywhere – but that’s what happens when you stream directly into their cloud and not your own. A more secure wifi connected camera setup that is often suggested involves segregating your cameras, and potentially other IoT devices, onto a separate wireless network that you access only via VPN.

Is there actually an issue with NETGEAR’s Arlo Q Wireless Security Camera?

Regarding this particular instance, there isn’t enough publicly available information to really sound the alarm. Another subreddit, /r/netsec, dismissed the rumor immediately because it lacked evidence. While /r/privacy and Hacker News didn’t doubt the rumors for a second, the discussion that followed the entirely believable rumor, highlighted the security issues surrounding wireless cameras and other internet of things devices. This rumor clearly struck on a sensitive chord – Internet of Things security is hard.

For their part, NETGEAR a customer service representative did admit to me that the described issue is entirely possible if the new owner plugs in the wireless camera before the new owner sets up his or her new NETGEAR account. NETGEAR remains adamant that adding a camera to your account on their proprietary cloud does automatically check a centralized database to see if the camera’s serial number has been used and automatically make sure that only the new account can whitelist accessing devices. NETGEAR straight up denies the rumour – but where there is smoke there is fire – learning to properly secure your devices is necessary to maintaining one’s privacy nowadays.