Insecure doorbell cameras, safes

Some doorbell cameras have critical security vulnerabilities that allow an attacker to:

  1. Put the device into pairing mode by holding down a button on the device. This requires the attacker to be physically present, but allows complete takeover of the camera.
  2. Remotely view still images from the camera without authentication, knowing only the device’s serial number. This might also require physical presence to determine the serial number, or maybe not—did the proud new owner post an unboxing video of the gadget to YouTube?
  3. Intercept metadata like SSID and external IP address sent unencrypted over the internet. This would require some kind of network compromise, so it might be a bit of a stretch to use this in a story.

The first two items are pretty interesting. Does your character need to surveil a house? She could see if the house across the street has one of these cameras.

Some physical safes have electronic locks with backdoor codes that can unlock the safes. These codes are supposedly only known to the manufacturers, but that sounds like the kind of secret that doesn’t stay secret. Would a disgruntled former employee of the manufacturer be willing to take a bribe?

Author: carl

A web programmer and Linux system administrator who would like to be a writer.