On 9/07/2020 10:25 am, Bernard Robertson-Dunn wrote: > The risk is that "someone who is specifically targeting an individual > household rocks up outside with a device to try and start passively > monitoring traffic," he said. > > Tyson told CNN that an attacker would require a decent level of > technical knowledge to monitor the data themselves, but there is a > chance that someone could develop a program that does so and sell it > online.
Which is to say - minimal to no risk. For this to be an issue, an attacker would have to be in a position to observe and measure a household's upstream bandwidth use. And be able to separate out and distinguish outbound traffic from cameras from outbound traffic from computer backups, pool monitors, solar power systems, checks for firmware updates from the other 10 - 40 devices in a house that do such things regularly even when nobody is home. For a fixed-line connection, this would be devilishly difficult, since the datastream typically consists of idle frames between data frames, so anyone viewing the line activity passively will see just a constant stream of bits regardless of variations in 'good data' - they would have to be tapped in to the line, and be decoding the data, to tell what is video and what is not, and if they have that level of access to your packets, video camera activity levels are the least of your problems. For a wireless connection, they would somehow have to detect variations in transmission duty-cycles, which is credible - but still be able to separate out camera traffic from all the other outbound traffic 'background noise'. This risk needs to be compared against the consequences of not incurring the risk - the level of risk of a house or garage being burgled or vandalised, and the value of being able to hand over the video-feed to the police to assist in finding the perpetrators. Personally, I lean towards the latter. It also needs to be compared to the risk of someone 'rocked up outside' just observing people and car movements, and working out when all the people have left by observing them leave and use of a pencil and notepad. And of course - if they do break in - there are security cameras, but this attack vector doesn't reveal the locations of the cameras, so a burgler is likely to be captured by the system they detected was there! Countermeasures include making sure the detection threshold includes pets moving around, and having several pets, to make the cameras activate irregularly but often even when no humans are home. OTOH, smart security cameras that just transmit on motion detection do have benefits in saving of bandwidth, saving of memory chip storage, and savings on power usage - there are battery-operated cameras where the battery lasts up to a year, and so don't need any form of power or other form of cabling to install, saving significant cost in installation. They achieve the long battery life by only keeping/storing snippets when motion is detected, if they kept transmitting continuously the batteries would run out and need to be replaced monthly. No cabling required at all, just screw to a wall at a suitable place, and change the battery when you change the smoke detectors batteries for convenience. The value of such systems vastly overrrides the risk of this issue as a credible pathway to loss. P. _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
