・

There have been constant talks about the concern of privacy and cyber security breach caused by the system design loophole of connected cloud cameras and IP cameras. Take this chance, we would like to write this article to clarify some common misunderstandings and explain in detail whether or not it is safe to use a connected cloud camera or IP camera.

In fact, cyber security incidents involving IP cameras leveraged by hackers as zombies to attack data centers and enterprises or government agencies are not so rare, it’s been a headache for IP camera and IOT device manufacturers and design houses in the last decade. The main reason why so many legacy IP cameras are vulnerable to cyber attack and easily being hacked for private videos or manipulations is because most of them still follow standard RTSP(Real Time Streaming Protocol) and come with device built-in web server with web pages interfaces for easier connection and setup. Plus, the tradition of manufacturers and designers set the default system admin account as admin/1234 for easier management, also most users never bothered to change default admin account information, together they provide an inviting gesture for hackers to attack and take advantages of the low cyber security protection. Once this kind of IP cameras are scanned on the internet and being accessed by hackers, they can easily watch your private streaming and take over the control of the device and operate it as a cyber attack node without you knowing.

So, in SpotCam, how do we handle this problem? Many of SpotCam team members used work in the IP CCTV and security industries in Taiwan so we are very aware of above cyber security risks, that’s also why we take below measures to minimize the potential risks for SpotCam cloud cameras and cloud video platform.

• SpotCam cameras and cloud servers and user clients connect with each other through P2P(Peer to Peer) and cloud relay depends on different usage scenarios, and neither of them uses RTSP nor set up built-in web servers for random remote connections.


• SpotCam cameras and cloud server platforms can only be accessed by users after logging in with credentials such as user Email and password that are created by users themselves. You need to log in to SpotCam mobile app or SpotCam WebVMS((Web Video Management System) via browsers first before you can use the system and watch videos, and there is no such thing as system default admin user.


• SpotCam system encrypted video streaming and data during transmission between camera, server, and user clients using HTTPS and AES encryption, which is not common in legacy IP camera system. This is also why SpotCam cloud video surveillance system is more secured than traditional IP camera systems.

Bearing the potential risks of connected IP cameras and cloud cameras in mind, what’s the best way to pick a cloud cameras or IP cameras that both suit your needs and meet cyber security standard? It is indeed a difficult task for general users to investigate the detail networking and cyber security design of a camera to discern between safety and risk, so we suggest below principles for you to follow so you can largely reduce the chances of running into cyber security problems with your IP or cloud video surveillance system.

1. Choose branded products, don’t buy unknown E-commerce brands.
There are many unknow and disposable brands in the market, especially in E-commerce marketplaces. We suggest you do a search on the brand name before buying a product and if you can only find related information on E-commerce website and not on any other news, IT media, or any credible media channels, then most likely it is just a disposable brand that used for E-commerce sales and you are not going to get any warranty or technically support once there is any cyber security problem with your camera. Also an E-commerce only brand is more like to be sold by a factory or trading company that doesn’t have their own R&D capability buy simply private labeling from others, which makes you less protected whenever there is a problem.

2. Make sure the cloud server is established locally.
No matter where you are, the US, EU, Japan, or Hong Kong, it is always better to find a cloud system with local severs in your location. Manufacturers who set up local servers usually disclose this information when promoting products so it’s not difficult to find out. Local server establishment usually means technical capability and the attention to cyber security and government regulations, which means a lower risk of security breach as well.

3. Choose a product from a manufacturer with own design capability.
To choose a brand with its own R&D capability, one can check the basic information of the brand and see if it is a specialized brand in a specific product or industry. A specialized long-term brand means long-term commitment and know-how accumulation in the product and industry, which are all fundamental for a manufacturer to reduce cyber security and any other kind of product risk its products pose to users. This rule of thumb together with the technique we mentioned in point 1 should help you find the brand and manufacturer that truly design their own products.

We believe you will be able to find an appropriate product with lower cyber security risk and better protection the next time you are looking for an IP or cloud video surveillance camera by keeping the rules mentioned in this article in mind. In SpotCam, we always put user privacy protection and cyber security at top priority, and no matter you are watching over your family, pets, business, or properties, we believe you will find the most suitable cloud video surveillance products in SpotCam.

[SpotCam Related News]
Cybernews: https://cybernews.com/security/hawk-hsieh-spotcam-ai-will-have-the-opportunity-to-improve-your-life/
APnews: https://apnews.com/article/business-taiwan-taipei-7eed3fa5f8ee06bf5b8889df5b78a409