Not a "sloppy password" story
We’re all now familiar with stories about people who leave the default password on for their home security systems and suddenly find their private lives being broadcast on Russian websites.
That’s not what this story is about.
In this case, a new feature rolled out to Comcast’s customers appears to have inadvertently introduced a glitch allowing people to look (and listen in) to other people’s homes rather than their own.
A glitch opens a window into another home
Edward Callahan normally used his Comcast Xfinity home security service to peer into his own living room while at his office. One day, he discovered he was suddeny looking into his neighbour’s kitchen – and unwittingly eavesdropping on his neighbour’s private conversation.
Edward Callahan called Comcast to report the problem – twice.
Each time, he was told there wasn’t really a problem at all. Comcast said he was simply watching an ad for a new “listen-in” feature the company was promoting. Not true, as Edward actually knew the neighbour he was watching. He had contacted her and she hadn’t known she was being watched.
It had to be a glitch, possibly resulting from the new feature rollout. Why? Because Mr. Callahan had not done anything except open the app — as usual — to look into his own home when he found he was suddenly peering into his neighbour’s home instead.
When Comcast didn’t acknowledge the glitch, the woman whose privacy was breached filed a complaint with the police in Pennsylvania.
The police reported that the company was “looking into it”. Was it a widespread problem? Were others put at risk?
Comcast has been plagued with other software bugs that allow security breaches yet there are no requirements in place for home security companies to warn users when these sorts of glitches appear, risking not only their privacy but personal security as well.
But home security issues are not limited to Comcast:
- For years, reports have continue to warn people that their private lives are appearing on public sites because they’re not securing their home security systems with proper passwords.
- In 2019, parents who placed a camera in their 8-year-old daughter’s bedroom (apparently oblivious to the lure for pedophiles), discovered someone was watching into the girl’s bedroom. The man seemed to take pleasure in frightening their little girl but at least made himself known.
- News reports have shown that home security is easy to hack and new software features, when introduced, can leave people vulnerable and at risk.
Common sense “privacy by design” techniques are easily available to companies building home security systems. Why are these techniques not standard? Or, for that matter, why is this “privacy by design” not required by law?
For example, when installing a home security system, the homeowner should be forced to change the default password before the new system will function. That keeps everyone a little safer.
There must be more transparency and accountability on the home security front, but not the kind of transparency that makes it easy for strangers to easily peer into your home.