• United States



Privacy breach: Home security camera footage sent to wrong person

Jul 01, 20183 mins
Internet of ThingsPrivacySecurity

Home security video from a Swann smart camera was sent to the wrong customer, enabling the person to see and hear activity of a different family. Swann says user error is to blame.

After receiving a few security camera motion detection alerts, a woman realized the video footage she was seeing on her phone was not recorded from inside her house. Instead, she was seeing footage from a different “smart” Swann camera; she was seeing into the home of a different family — seeing a man and a woman and hearing the voice of child.

The woman, BBC journalist Louisa Lewis, contacted Swann after video clips tied to motion detection in someone else’s kitchen showed up in the app on her phone. It was the weekend, however, and Swann said nothing could be done until Monday even though Lewis asked Swann, “Do you understand this is really serious breach of privacy?”

When Monday rolled around, Swann put a stop to Lewis receiving the clips. Even though Swann said it could not identify or contact the family whose video footage was being shown to the BBC journalist, the company claimed, “We can confirm that no further data was breached or accessed by additional third parties.”

User error? Swann blamed customer

From Swann’s perspective, the user of their product is to blame. A spokesperson for Swann claimed “that ‘human error’ had caused two cameras to be manufactured that shared the same ‘bank-grade security key — which secures all communications with its owner.’”

Swann’s spokesperson further explained it to the BBC like this:

“This occurred after the [family] connected the duplicate camera to their network and ignored the warning prompt that notified: ‘Camera is already paired to an account’ and left the camera running,” she added.

“We are regretful that this was not addressed immediately and adequately by our support team, when discovered. We have addressed this and made some internal changes.”

Remember, Swann claimed no other customers had their privacy breached in this way by Swann showing footage to some random stranger.

Same security and privacy snafu occurred at least once this year

Except it was not a “one-off” incident, considering a similar incident happened in May when a “smart” Swann security system sent a U.K. couple camera footage taken in a pub.

Eventually this couple determined the pub was not located too far away. After speaking with the owner, the couple took a selfie using the pub’s security camera.

While these are publicly known Swann camera blunders, there may have been other similar issues. Perhaps, like the BBC journalist, the person receiving the motion alerts tied to the wrong footage decided to blow it off as errors at first? It remains to be seen if any other customers will speak up about similar incidents.

Professor Alan Woodward from the University of Surrey told the BBC that he was “dubious that two users unrelated other than by geographic area would choose the same username and password combination enabling one to see the live video feed of the other. When both incidents are combined it does make you wonder if there are others who have had similar issues, and whether there is more at work here than has been so far explained.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.