Home cameras on guest network?

Boomer here with a couple of questions about home cameras (Ezviz, Tapo, etc). I’m not all that worried about privacy as I’m an older guy and doubt there’s anything anyone would be interested in going on in my home. Security is a different matter though.

My first question is, is it possible for someone hacking into my camera on my home lan to gain access to other activity on that lan? In other words, can someone hack into my camera and then gain access to my laptop using the same wifi?

Question two is, if that first possibility exists, do I prevent it by setting up a separate guest network (different password) on my lan and connecting the cameras only through that?

In case it matters, I’m running Windows 11, and am using the router AT&T supplied with my fiber service. I regularly access the cameras via my laptop and Android phone but don’t subscribe to any cloud storage for the camera feed. I rely on installed sd cards to view recorded activity.

I’ve searched for this in the forum but may not be using the correct search terms. I haven’t seen anything recent that applies. Thanks!

A few things I’d prefer you change/do right off the bat.

  1. Getting any other router than your ISP-provided one. It’s always best to use the hardware you actually own.
  2. Ensuring WPA 3 security with strong WiFi passwords for each network.
  3. Set up a strong password for your Guest Network too.

If an attacker is not on the same network as the ones the cameras are on, then you should be fine. Also, seems like they are not connected to the internet so keep them that way.

I hope you know that your router likely has at least two networks (5 GHz and 2.5 GHz) + Guest? Do check that if you’re able to log into your router firmware settings. Ensure Guest is strictly only for guests and your devices are connected to the others. This does not mean you have multiple WiFis, just different bands.

This should mitigate your concerns and you should be safe. Though I can’t promise because I don’t know anything else about your wider OPSEC.

Thanks. When I first switched to AT&T because they installed fiber in my hood, they told me I had to use their modem/router. I figured that would probably work the best anyway and it saved me from buying one that they might not approve anyway.

I figured out how to get into my router configuration again and the WPA option was defaulted at “WPA-2”. The only option that included 3 was “WPA-2 and WPA-3”. I changed it to that but of course up comes a warning that I’m changing my router config and I may not be able to access it… do I want to continue. Of course, since I really don’t know what I’m doing, I cancelled. I’ll call AT&T tomorrow and have them walk me through it.

The cameras are connected to the internet. (at least I think they are) I can access them from another location and control/view them.
Also, I do know that there are two choices, 5ghz and 2.5ghz, but I haven’t paid much attention to them and don’t know which I’m using. It looks like my guest network is only set up on the 2.5ghz.

Answer to first question: yes, it’s possible. A compromised camera can be a stepping stone to attack other devices on your network. IoT devices like your camera are particularly vulnerable because they often have weaker security, outdated firmware, and most manufacturers don’t provide timely security updates.

The camera can be compromised by a vulnerability or weak passwords. Best to change the default password to something strong and unique and check for firmware updates regularly.

Answer to second question: Yes, a guest network is a good solution, as devices on the guest network cannot see or communicate with devices on your main network.

Although you can access the gateway’s web interface by typing http://192.168.1.254 into your web browser, they recommend using their Smart Home Manager app to set up guest networks. I don’t have AT&T so I can’t help you any farther.

Also even though you aren’t subscribed to any cloud storage, your cameras are most likely still “phoning home” to get firmware updates and other telemetry, so getting them on the guest network and, if possible, not enabling remote access are probably the best bets.
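
Added example (not part of any post in this thread): one way to verify the isolation described in the answers above is to join a laptop to the guest Wi-Fi and confirm it cannot open a connection to a device you own on the main network. The target address and port below are hypothetical placeholders; substitute one of your own devices.

```python
import socket

# Constructed sample target: a hypothetical main-network laptop address and the
# Windows file-sharing port. Replace with a device and port of your own.
MAIN_LAN_TARGETS = [
    ("192.168.1.64", 445),
]


def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers refused connections, timeouts and unreachable networks.
        return False


def check_isolation(targets, probe=tcp_reachable):
    """Probe each (host, port) pair and return the ones that answered."""
    return [(host, port) for host, port in targets if probe(host, port)]


def verdict(leaks):
    """Turn the list of reachable targets into a one-line result."""
    if not leaks:
        return "isolated: no main-network target answered"
    return "NOT isolated: reachable -> " + ", ".join(
        f"{host}:{port}" for host, port in leaks
    )


if __name__ == "__main__":
    # Run this while the laptop is connected to the guest Wi-Fi.
    print(verdict(check_isolation(MAIN_LAN_TARGETS)))
```

A blocked connection and a closed port look the same to this check, so run it once on the main Wi-Fi first to confirm the target answers there, then again on the guest Wi-Fi.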