Apple HomeKit Secure Video – Is it really secure?

CCTV Camera

Scared yet?

Apple HomeKit Secure Video is supposed to be the ultimate in privacy and security from Apple. Strong encryption and attention to privacy features are heavily touted as better than other security camera systems.

(In Apple’s world of mass market consumer solutions have no doubt – they are throwing shade on Amazon’s Ring and Google’s Nest security camera solutions.)

I just read another in a long line of clickbait articles trying to scare all of us about our lack of privacy and security even when using Apple HomeKit Secure video products.

This one touts some research done by what I’m sure are some decent geeks that found an interesting tidbit.

If you look at the Internet traffic coming from a smarthome security camera, even without seeing the video itself, you can figure out if anyone is home.

It’s an intellectually interesting premise – cloud based cameras send video through the Internet to be processed and stored at a remote data center.

Since the volume of data uploaded varies with the amount of visual activity the camera sees, smart analytics can use this as a virtual footprint to see when the house is empty.

So a camera aimed at an empty family room doesn’t see people moving around, pets rolling on their backs, or a child crawling on the floor.

The relatively static image means less uploading, less outbound bandwidth usage, and a recognizable pattern.

The hidden agenda

Why is this making news?

Well there have been a lot of headlines about invasion of privacy and the lack of security in smarthome camera systems from Ring, Nest and a bunch of lesser-known, but widely used brands and systems.

At the recent Apple Worldwide Developer’s Conference, Apple previewed a new version of the HomeKit Secure Video that includes package detection and multi-camera viewing on the AppleTV.

Apple has made privacy and security an integral part of their marketing efforts and corporate culture. Spreading, unfairly in my opinion, fear, uncertainty, and doubt (FUD) about everything else.

This article suggests that even though Apple HomeKit saves your camera video encrypted on their own cloud servers maybe it still isn’t really private or secure?

Fuhgeddaboudit

Nothing to see here – Literally!

The practical, real-world implication of this kind of lab trick is minimal to nil.

Without access to the actual video feed, there is very miniscule risk to your privacy.

Anyone interested in knowing when your house is empty would need to hack into your own network inside your home.

The thief would need to be physically near or actually inside your house to do that.

They would need a level of computer hacking and nefarious security training that would be a huge waste of their talent as a common criminal.

Alternatively, measuring the upload usage of your Internet connection might be done at the remote end of your Internet service.

Once again, that would require tremendous technical skills or an “inside job” at your Internet Service Provider (ISP) equipment or operations center.

Fast and easy

I’m not an expert on criminal behavior, but I do know that most thefts are crimes of opportunity, not methodically planned incursions.

Watching the entry and exit doors of a home, counting cars coming and going, and a few other visual observations/surveillance are much easier ways to determine when a home is empty.

Practical Security Camera Advice

As long as we have criminals, I think the arguments about privacy and security will continue.

I’m not downplaying this – Protecting your privacy and insuring physical security are very important.

That’s why the home protection and security industry continues to be a large and growing specialty.

For many of us, there is a simple no-tech solution that can guarantee what no gadget or technology can do to insure 100% privacy:

Use only outside cameras

Easy! Do not install any cameras inside your home. No worry about turning them on or off when you leave or re-enter your home.

No worrying about whether Amazon, Apple, Google, or some engineer in a far-away company is watching everything you do.

No worries about software or firmware bugs, clever hardware tricks, or other methods to bypass the questionable security in many popular products.

No concerns about using complex passwords, changing passwords, fingerprints, faceprint, or other mechanisms to try and limit access to the camera’s video feed.

Outside cameras only show and record what can be seen anyway by neighbors or passersby.

Of course you should have password, logins, and follow recommended security practices, but worst case, if someone hacks into your outdoor cameras, what will they really see?

The Real Security Camera Risk

Working with a range of clients, the most common problem I have found is complacency.

Homeowners are not geeks constantly looking at their camera feeds, tweaking settings, playing with fancy alerts or notifications.

The biggest problem I run into are systems that have been offline for weeks or months at a time.

Hard to use, confusing, and unreliable systems tucked away in a closet or basement that have been offline or malfunctioning.

Lots of different reasons, but the main cause is that many homeowners have camera systems for piece of mind, not daily use.

They want the camera and recordings to be available if something happens, which they hope never will.

So after the initial few days or weeks of having fun playing with the cameras, watching people walking by, or trying to catch the exact moment the post office or delivery truck pulls up, the surveillance system isn’t checked very often.

So take a balanced perspective. Do consider a reliable camera system as part of your smarthome security efforts, but don’t get paranoid about the hysteria in the media.

Do think very carefully if you use any indoor cameras and check everything – camera, system, and archived footage regularly to insure proper operation.

Looking for help choosing a security camera system? Check out my tech guide to HomeKit Secure video and other CCTV security camera solutions.

Robert

Automation technologist and problem solver

Follow Us Around the Web