I was really disheartened to hear about the recent Foscam and Trendnet hacking incidents. Naturally, we have received questions from customers about Dropcam security, so I wanted to address them here in more detail.
IP cameras haven’t changed much since the first ones were shipped in 1996, but the Internet, networking and security have. Unfortunately, the way IP cameras are designed leaves them prone to vulnerabilities. The particular vulnerability used in this attack was one of the core reasons that we decided to take home monitoring back to the drawing board when we started Dropcam.
As a monitoring service, Dropcam is designed to be secure out of the box, and our security model differs from that of an IP camera in three fundamental ways:
1. Dropcam’s security is based in the cloud, not the device. IP cameras accept connections from anyone with network access, and often openly accept connections from the public Internet (sometimes bypassing firewalls to do so). Our cameras never accept arbitrary connections — instead they only communicate with cryptographically-verified Dropcam servers.
2. Dropcam is secure over insecure networks. With end-to-end SSL/TLS encryption, Dropcam remains safe even if the network it operates on is unprotected or compromised. The only way to access your camera and to view your video is with your username and password through Dropcam apps.
3. Dropcam delivers software updates over the air. Many IP cameras remain vulnerable even after patched software is issued because customers often do not meticulously track and manually install software updates. (For example, an estimated 80% of IP cameras are not running the latest software, which might have prevented this most recent intrusion.) By contrast, Dropcam distributes regular software updates over the air, which are applied automatically, so all cameras are quickly and universally patched if there is an issue.
That said, security isn’t just a checkbox on a feature list – it’s a significant ongoing software effort, especially when you are building an Internet-connected product. Dropcam started as a cloud software company and we’ve had Internet security in our team DNA since the beginning. Your privacy is paramount, so we will remain vigilant in providing more security and transparency to our customers. For instance, we recently began providing customers access to their account login history at:
https://www.dropcam.com/users/logins (note: must be logged in)
Expect to see more features along these lines in the future.