How a technician hacked his customers’ cameras

The man behind the camera

Telesforo Aviles, a former technician at ADT Security, admitted to hacking his customers’ home video cameras and now faces up to five years in prison.

Over four and a half years, Aviles hacked the home cameras of at least 200 customers. He did it by adding his own email address to the list of authorized users, either secretly or by telling his customers that it was necessary for testing the system.

Aviles targeted women he found attractive and secretly watched them as they dressed or engaged in sexual activities. He logged into people’s home security cameras almost 10.000 times before someone in the company noticed his unauthorized access.

Unfortunately, this is not the first time a device meant to increase privacy and security ended up backfiring. Why does that happen so often?

“Aviles targeted women he found attractive and secretly watched them as they dressed or engaged in sexual activities.”

Don't trade away your privacy

As more smart solutions reach our homes, we encounter a certain paradox. People are increasingly concerned about their privacy, but they are willing to give it away if offered a good deal in return. They don’t mind that their home camera footage is stored in a company’s servers, as long as it allows them to use the system to turn the lights on and off and see what their dog is doing.

However, before allowing more IoT devices and third-party services into your life, it’s important to evaluate whether the comfort you’ll get from a new home security system actually outweighs the risks. Maybe you’ll be fine without it? Or perhaps there’s an old-fashioned/analog solution that would work just as well. Maybe you don’t need the overengineered shiny new thing at all.

If you decide to get a smart solution for your home, don’t just trust the company with the best price. Sure, reviews and customers’ experiences are important, but you must also do serious in-depth research – your privacy and physical safety is at stake. Here are five steps that can help you stay safe:

1. Find out exactly what information the company will have about you and what data the device itself will log and store.

2. Are there any secret backdoors? Look for security experts’ opinions on the matter – don’t just scan through customer reviews.

3. Can you grant and revoke permissions and access to your data and/or device?

4. If a single system is responsible for your entire home's security, you should follow the company closely. Set up Google Alerts to be notified if the company has a data breach or a new vulnerability is found.

5. If something comes up, act quickly to secure your accounts and devices. If it’s serious, consider uninstalling the app, shutting down the devices, or freezing your account until the vulnerability is fixed.

More ways to protect your privacy online

Once lost, privacy is difficult to get back. And while becoming completely anonymous is impossible, there’s a lot you can do to minimize your online footprint and protect your private information. For more tips on becoming an online ninja, read our ultimate guide to data privacy. Meanwhile, here are the essential tips you should follow:

• Review permissions for your apps and computer software. Apps can be incredibly intrusive. That’s why you should always carefully evaluate whether it really needs the permissions it’s asking for. There’s no reason for a speedometer app to have access to your contacts list. So review your app permissions on all devices and look into built-in software as well. For example, Google, Siri, or Cortana can all be very intrusive, so don’t leave them with the default settings.
• Protect your passwords and usernames. Most of your online life is protected by passwords. Your job is to make sure they are strong, unique to every account, and stored safely – either in your head or, more realistically, in a NordPass password manager. Whenever you get a new connected device, change the default username and password when setting it up. Most of the factory-set credentials can be found online, so if you don’t change them, the device could end up being a gateway for hackers to other parts of your home network.
• Don’t share information about yourself online. Posting a picture of the deconstructed cheesecake you had last night probably won’t have a huge impact on your privacy. However, if it includes a geotag, it’s an entirely different story. It can reveal your exact location, your favorite places to visit, and together with your photos and posts, it could create a detailed picture of your life. Social media is a gold mine to anyone who wants to collect your personal information and use it against you. Don’t help them – always be mindful of what you share.
• Use security software. Antimalware, ad blocker, and a VPN will go a long way towards protecting your data and devices. Even if you slip up and click on a malicious link in a phishing email, a good antimalware tool will notify you about a virus you just downloaded to your device. A good VPN might even stop you from accessing the malicious website in the first place. It will also encrypt your online traffic and hide your real location by giving you a new IP. Protect yourself from hackers, snoopers, and advertisers with the click of a button.

Get a VPN and shield yourself from cyber threats.