It’s only natural to expect security companies to prioritize protecting their customers, but this isn’t always the case. Whether you’re holding the magnifying glass up to skipped security measures, sold customer data, or questionable business practices, there’s a lot that security companies can improve.
We’re not here to accuse companies of misconduct without evidence. We just want to promote awareness so you can make informed decisions and companies can raise their standards.
At SafeWise, we spend most of our time writing reviews and guides, so we can’t devote our resources to reporting on current events in the same way as other websites. But behind the scenes, we’re scouring the news to learn about company reputations as part of our methodology.
Consider this an invite to check out our virtual sticky notes on the latest in home security news.
We understand the effort and skill that goes into this kind of journalism, so we recommend exploring the full articles using the links in each summary.
Check back occasionally, and you might find something new on our list. For tips and advice, check out our guide to preventing smart home hacking.
Recent hacks and breaches
Because the digital world is flooded with talk of hacks and breaches, we decided to break our findings into two categories: breaches and research on preventing them.
Accidental breaches tend to result from human error, lax policies, or underinvesting in security technologies. You see these breaches when companies skip steps like these:
Sensitive data encryption
Strong password requirements
Enhanced features like two-factor authentication
Deliberate breaches happen when determined hackers bypass customers to attack companies directly. By intentionally exposing sensitive data or degrading a service's effectiveness, hackers hope for a big payout or simply want to spread fear.
ADT terminated an employee after a customer discovered an unauthorized account login. The employee had been illegally watching security camera feeds from hundreds of Texas customers for seven years. ADT is facing class-action lawsuits related to the incidents.
Various security camera brands including Google Nest
Researchers discovered a sextortion campaign focused on users of security cameras, including some from Google Nest. It likely came from harvested email addresses, but the researchers said there was no evidence that perpetrators possessed real videos.
Following an incident where someone remotely harassed a Mississippi girl using a Ring security camera, an Alabama man filed a class-action lawsuit against the company for failure to provide sufficient security. Ring suggested the hacks came from weak customer security but didn't encourage users to create strong passwords before the incident.
Data from 2.4 million customers, including email addresses and Wi-Fi network information but no passwords, was publicly exposed. The breach was an accidental byproduct of an employee conducting internal analytics work.
Security researchers help companies by discovering possible breach tactics before they occur. The research primarily focuses on the technology behind breaches and often informs the security strategies of businesses.
These finds aren’t as practical for everyday consumers, but you can pull them out of your back pocket to sound smart at your next dinner party.
Various security camera brands including Google Nest and Xiaomi
Researchers revealed how the size of the datastream from a security camera, which is typically unencrypted, could show outside observers whether someone is home or not. This is because security cameras don't use as much data when there's nothing to record.
Researchers spotted a vulnerability in iBaby baby monitors that could have given access to recordings, personal information, and the popular baby camera's controls. Only after this news became public did the company patch the vulnerability, despite the researchers' efforts to contact the company in the previous 10 months.
Researchers explained a bug that could allow hackers to fake a defective smart light bulb, prompting users to reinstall the bulb. After a reset, hackers could install malware on the Hue hub and home network. Philips Hue fixed the bug between November 2019 and February 2020, when the report went public.
Governments carry an absolute responsibility to protect citizens, so it’s important to recognize potential security failures when they crop up. Here are some activities, laws, and regulations to think about.
During a congressional antitrust hearing, Rep. Kelly Armstrong, from North Dakota, asked about Google's compliance with controversial geofence warrants in the wake of racial equality protests. Geofence warrants allow law enforcement agencies to access data from anyone in a certain place at a specific time.
Ring has partnerships with over 1,300 law enforcement agencies across the US, which present a threat to Americans' privacy and well-being—especially people of color—if abused, according to the Electronic Frontier Foundation (EFF).
While we understand that businesses first and foremost aim to maximize profits, that can create stumbling blocks for customer experience and lead to privacy pitfalls.
Amazon and Google
Both Amazon and Google require third-party partner companies to continually share status updates with them, potentially exposing user data to attacks. Previously, access to this information occurred only upon issuing a command.
The Ring app shares varying levels of user data with five companies: Facebook, Branch, AppsFlyer, MixPanel, and Crashlytics (Google). According to the EFF, the data presents a privacy hazard since marketing companies can track users.
Breaches usually lead to improvements if companies are willing to learn from their failures. Here are some examples of companies improving things after a breach (it doesn’t even have to be their breach).
Amazon, IBM, and Microsoft
Amazon started a one-year moratorium on police access to its facial recognition software following concerns that police would try to identify and target protesters. Microsoft and IBM have made similar decisions, with IBM stopping facial recognition development entirely.
Ring added a Control Center to the Ring app so users can easily manage security settings. Some security features were previously in separate places, while others are new to Ring accounts, like two-factor authentication.
John is a technology journalist with over seven years of experience researching, testing, and reviewing the latest tech. Before joining SafeWise in 2020, John was an editor for Top Ten Reviews specializing in home security and the smart home.