SpotCam HD Pro: surveillance vs. data protection and security
4.3.2019
Translation: Eva Francis
Pictures: Thomas Kunz
The SpotCam video camera lets you monitor your home or private property. A great idea in theory – but such monitoring systems also raise questions regarding data protection and security.
The SpotCam HD Pro is a video camera that makes recordings and stores them in the manufacturer’s cloud. From there, they can be streamed to any computer, tablet, or smartphone during 24 hours. Afterwards, all material is deleted from the cloud. All this is possible with just a monitoring camera, electricity and a Wi-Fi network to which the camera is connected.
This is handy if you’d like to know what’s going on in or around your home when you’re not there or when you’re sleeping. That’s probably exactly what Community member Ventoesole was interested in when he got himself a SpotCam and came to the following conclusion:
I put this challenge cup to the test and realised that the crucial questions aren’t related to the device itself, but rather to the aspects of data security and data protection.
Installation and setup
According to the manufacturer SpotCam, this camera is set up in a matter of seconds. That’s unrealistic. Especially as the camera requires extensive communication with the SpotCam server and with my home network before it’s ready to go. By the way, I installed the SpotCam at home – I’m, pretty sure our IT team wouldn’t have been amused to see me connect an external device to our company network that streams images to an external cloud.
The camera runs via smartphone app, which you can download from the Google Play Store or the Apple iTunes Store, or via website if you prefer the PC version. Allow about ten minutes to set up the camera and your SpotCam account. After this, your monitoring camera is up and running. What’s handy is that you can disconnect, reposition and reconnect the camera at any time without having to reconfigure it.
How the app works
The Wi-Fi video camera records with an FHD resolution of 1920×1080 pixels and 30 frames per second. Twelve infrared LEDs are placed around the lens to allow for night vision, which is automatically activated in poor lighting. All videos are taken at a wide angle of 155 degrees. The camera weighs about 275 grams and is IP65-certified, making it suitable for outdoor use.
User Ventoesole described the recordings as being magenta-tinged, but I can’t see any of that. Maybe his device really was defective. By the way, I looked into the case and found out that our customer service team replaced the presumably defective camera with a new one. So I assume Ventoesole has a fully functional security camera now. Nevertheless, the image – especially in full-screen mode – isn’t exactly what I’d call high-resolution. I was expecting more than that.
To give you an impression of the video quality, I’ve uploaded a time lapse recording to YouTube.
What you get to see here is part of my flat that I’ve featured in many TV reviews. So it’s nothing new. I’m not trying to encourage you to do the same. In fact, I’m telling you: don't do it.
The app gives you many more useful options, such as deciding whether the cam runs constantly or only within a defined time plan. Alternatively, the camera also has a sleep mode, which means it only switches on and starts recording if it senses motion or noise.
The smartphone app has even more to offer: activating alarms in case of motion or noise via push notification and adjusting the microphone sensitivity, for instance. Having said that, when I set the microphone sensitivity to «medium», I got a notification every five seconds, even though there wasn’t any noise except the humming of the camera. Maybe it detects its own noise?
The alarm function is so sensitive in medium setting that I get an alarm every two minutes, although the camera is staring at my living room wall and nothing’s moving. No earthquake detected, either.
I don't know whether Community member Ventoesole also got noise alarms and not just motion alarms. Once I change the setting to «low», I get much better results.
Pricy extra packages if you want all features
It’s with slight disappointment that I find out the camera can do even more – but only if you’re willing to pay for additional packages.
For example: an AI video service alerts you in the case of missing objects. This sounds handy, just think of a bike shed that gets broken into regularly. Another useful feature is fall detection, which sends you a notification whenever it detects a human falling and not getting back up quickly – an elderly family member, for instance. What does this cost? CHF 37.90 a month.
Features are also available individually at a price between 5 and 10 francs. I like this option. Nobody should be forced to pay for features they don’t need. Speaking of paying: if you want to record more than 24 hours of video material, SpotCam will make you pay – up to 200 francs per year, depending on the package.
I find these additional charges extremely annoying, but one tenant will hardly use all subscriptions and services at the same time. That would cost about 655 francs a year. I’m assuming these additional features are designed for landlords of multi-family houses or larger buildings.
Data protection und safety
When I was testing this camera, two important topics related to surveillance cameras kept crossing my mind: data protection and data security.
- Am I allowed to film my flat or private property if other people are visible on the video?
- Are my recordings or network data well-enough protected from hackers or burglars?
I talked to two experts to find answers.
Data protection and protection of personality rights
Filming yourself is never a problem. It’s when you start filming others that things get complicated. And that’s the whole point of a monitoring camera. Martin Steiger, lawyer with Steiger Legal AG, says:
«Video surveillance is a case of conflict of interest. Our own and others’ interests collide – we’re trying to protect ourselves from burglars while those who are filmed want to protect their privacy.»
He concludes that there needs to be reason for a video surveillance system. Thus, the surveillance must be both appropriate and proportional.
«The protection of persons or personal items is often named as a reason. But if there are mitigating measures, these should be preferred.»
What Steiger is referring to is, for instance, installing a stronger security lock instead of a camera or setting up an outdoor light with a motion detector. What’s more, it has to be transparent that a video camera is in place. This has to be signalled with a sign that says who is filming, what is being filmed and why this is being done.
The «why» is particularly important. Those who are captured on video, let’s say the mail carrier or the moving company, who cannot easily escape surveillance, have the right to demand information about what was filmed and for what purpose. Without the consent of the filmed persons, no material may be published.
But what about the privacy of burglars? Martin Steiger says:
«They also have a right to data protection. Nevertheless, as a person affected by burglary, that’s not the main thing I’d be thinking about.»
According to Steiger, the risk that a court wouldn’t allow such recordings as evidence in criminal proceedings is much greater than the chances that a burglar would be successful in suing a victim for data protection violations. To do so, the burglar would have to admit to the crime.
Data security: how high is the risk?
Live videos and recordings as well as stored recordings are protected with SSL data encryption. Is this enough? I asked a true expert: Stefan Friedli, main security consultant at SCIP AG. SCIP AG specialises in cyber security and information security.
«The answer to your question is probably unsatisfactory: it depends.»
What Friedli means is that it is possible to install a monitoring system such as SpotCam with sufficient security. However, there’s no such thing as 100% security. It’s comparable to a door: locking the door makes it less likely but not impossible to break in. As an example, Stefan Friedli cites Google's subsidiary Nest, which also produces security cameras.
«Although Nest has an army of clever engineers at its disposal, security isn’t self-evident.»
The security expert refers me to a report by Jason Doyle that was published at public disclosure and describes how to attack Nest's network cameras. It’s surprisingly easy:
A potential burglar could blanket the Wi-Fi signal of the network the camera is connected to. This is possible with a second network with the same SSID – the name of the network, as for example «Luca’s home» – and a stronger signal. A set-up that isn’t particularly hard to build. I’ve had to do it myself for a TV review (article in German):
Most security cameras aren’t smart enough to notice that a second network is involved. They just detect the stronger signal and think: «Hey, a new network for Luca’s home and an even stronger one. I’ll connect to this one so I can send my data to the cloud even faster.»
Building a network doesn’t require an internet connection. This is exactly what burglars take advantage of. According to Jason Doyle's report, instead of the recordings being sent to the cloud via the internet, they end up in the attacker's network – which has no internet connection and therefore leads to nowhere. A black hole of data, so to speak. The burglar can’t view the recordings, but neither can anyone else. This means, the burglar can enter my home without being observed.
Source: Luca Fontana
Sure, this requires a burglar to know in advance that a home is equipped with a security camera, where it’s located and what the network SSID is. But finding this out – especially network SSIDs that are named after a person – is easy enough. Therefore, never name your home network after yourself.
I didn’t test if this method works on SpotCams, too, I just wanted to give you an example that shows that no system is 100% safe, but the risk of being attacked is minimal.
My verdict: surveillance is okay, but only when it's really necessary
All in all, I was happy with the SpotCam HD Pro. The video quality is good, though not as good as promised by the manufacturer, and the app comes with motion and noise alarms. If you want more features, you have to pay for them.
And yet, the two crucial topics when it comes to buying a surveillance camera aren’t related to the actual device: data protection and data security. A Wi-Fi camera isn’t a device you should buy for the joy of monitoring. Be aware of the consequences. Ask questions. Privacy is a valuable asset that must be protected. Do you really need this kind of surveillance or are there more appropriate alternatives? Besides: does the purpose of your recordings justify the risk that your network camera might be hacked?
The latter is rather unlikely, but it is possible. I’d only install a video camera in places where there have been repeated illegal incidents and where other security measures have proven ineffective in the past. If you decide that a security camera is necessary and appropriate, be sure to follow the applicable privacy policy regarding video surveillance.
Luca Fontana
Senior Editor
Luca.Fontana@digitecgalaxus.chI'm an outdoorsy guy and enjoy sports that push me to the limit – now that’s what I call comfort zone! But I'm also about curling up in an armchair with books about ugly intrigue and sinister kingkillers. Being an avid cinema-goer, I’ve been known to rave about film scores for hours on end. I’ve always wanted to say: «I am Groot.»
2 comments
later