Nanny-Cam May Leave a Home Exposed ---------------------------------- By JOHN SCHWARTZ Published: Sunday, April 14, 2002 Thousands of people who have installed a popular wireless video camera, intending to increase the security of their homes and offices, have instead unknowingly opened a window on their activities to anyone equipped with a cheap receiver. The wireless video camera, which is heavily advertised on the Internet, is intended to send its video signal to a nearby base station, allowing it to be viewed on a computer or a television. But its signal can be intercepted from more than a quarter-mile away by off-the-shelf electronic equipment costing less than $250. A recent drive around the New Jersey suburbs with two security experts underscored the ease with which a digital eavesdropper can peek into homes where the cameras are put to use as video baby monitors and inexpensive security cameras. The rangy young driver pulled his truck around a corner in the well-to-do suburban town of Chatham and stopped in front of an unpretentious house. A window on his laptop's screen that had been flickering suddenly showed a crisp black-and-white video image: a living room, seen from somewhere near the floor. Baby toys were strewn across the floor, and a woman sat on a couch. After showing the nanny-cam images, the man, a privacy advocate who asked that his name not be used, drove on, scanning other houses and finding a view from above a back door and of an empty crib. In the nearby town of Madison, from the parking lot of a Staples store, workers could be observed behind the cash register. The driver walked into the store and pointed up at a corner of the room. "Take a look," he said. Above the folded-back steel security shutters was a nubbin of technology: a barely perceptible video camera looking down on the employees. "I can only imagine driving around the Bay Area with one of these," said Aviel D. Rubin, a security researcher at AT&T Labs, which identified the problem. Around San Francisco, high-technology toys like security cameras are likely to be far more common. Mr. Rubin tries to help the business world recognize security threats and address them. Although there is no evidence that video snooping is widespread, it is so easy and the opportunity to do it is so great that it is a cause for concern, said Mr. Rubin, who was along for the ride. Such digital peeping is apparently legal, said Clifford S. Fishman, a law professor at the Catholic University of America and the author of a leading work on surveillance law, "Wiretapping and Eavesdropping." When told of the novel form of high-technology prying, Professor Fishman said, "That is astonishing and appalling." But he said that wiretap laws generally applied to intercepting sound, not video. Legal prohibitions on telephone eavesdropping, he said, were passed at the urging of the telecommunications industry, which wanted to make consumers feel safe using its products. "There's no corresponding lobby out there protecting people from digital surveillance," he said. Some states have passed laws that prohibit placing surreptitious cameras in places like dressing rooms, but legislatures have generally not considered the legality of intercepting those signals. Nor have they considered that the signals would be intercepted from cameras that people planted themselves. "There's no clear law that protects us," Professor Fishman said. "You put it all together, the implications are pretty horrifying." With no federal law and no consensus among the states on the legality of tapping video signals, Professor Fishman said, "The nanny who decided to take off her dress and clean up the house in her underwear would probably have no recourse" against someone tapping the signal. Police officers with search warrants could use the technology for investigative purposes, as well, he suggested. Surveillance has been a growing part of American life, especially since Sept. 11. Video cameras have been installed on city streets, and some cities and airports have tried to tie cameras into facial recognition systems, with mixed results. Privacy advocates argue that the benefit to security is questionable and the intrusiveness is high. But the cameras continue to proliferate ? with many people buying them for personal use. Surveillance cameras have also sprouted at intersections to catch drivers who speed or run red lights and as a part of many voyeur-oriented pornographic Web sites. Ads for the "Amazing X10 Camera" have been popping up all over the World Wide Web for months. The ads for the device, the XCam2, carry a taste of cheesecake ? usually a photo of a glamorous-looking woman in a swimming pool or on the edge of a couch. But, in fact, many people have bought the cameras for far more pedestrian purposes. "Frankly, a lot of it is kind of dull," and most of the women being surreptitiously observed are probably nannies, said Marc Rotenberg, the executive director of the Electronic Privacy Information Center in Washington. He calls the X10 ads "one of the weird artifacts of the Internet age." The company that sells the cameras, X10 Wireless Technology Inc. of Seattle, was created in 1999 by an American subsidiary of X10 Ltd., a Hong Kong company. It is privately held and does not release sales figures. A spokesman, Jeff Denenholz, said the company had no comment for this article. Filings with the Securities and Exchange Commission for an initial public stock offering that was later withdrawn provide some figures, however. X10 lost $8.1 million on revenue of $21.3 million for the nine months ended Sept. 30, 2000, and said that 52 percent of its revenue came from wireless camera kits. At the camera's current retail price of about $80, that would translate to sales of more than 138,000 cameras in those nine months alone. Rob Enderle, an analyst at the Giga Information Group, a technology consulting business, said he was a big fan of X10 ? which sells the most popular wireless cameras on the consumer market ? and its wares. "Theirs is the least expensive option out there, and they actually do a good job," he said. Mr. Enderle was surprised to hear of the cameras' lack of security, but said he did not see a cause for great concern. "Clearly, if you are pointing that at areas like your bathroom or shower, there may be people enjoying that view with you," he said. "But fundamentally, you shouldn't be pointing it that way anyway." The vulnerability of wireless products has been well understood for decades. The radio spectrum is crowded, and broadcast is an inherently leaky medium; baby monitors would sometimes receive signals from early cordless phones (most are scrambled today to prevent monitoring). A subculture of enthusiasts grew up around inexpensive scanning equipment that could pick up signals from cordless and cellular phones, as former Speaker Newt Gingrich discovered when recordings of a 1996 conference call strategy session were released by Democrats. More recently, with the advent of wireless computer networks based on the increasingly popular technology known as WiFi, yet another new subculture has emerged: people known as "war drivers" who enter poorly safeguarded wireless networks while driving or walking around with laptops. In the case of the XCam2, the cameras transmit an unscrambled analog radio signal that can be picked up by receivers sold with the cameras. Replacing the receiver's small antenna with a more powerful one and adding a signal amplifier to pick up transmissions over greater distances is a trivial task for anyone who knows his way around a RadioShack and can use a soldering iron. Products intended for the consumer market rarely include strong security, said Gary McGraw, the chief technology officer of Cigital, a software risk-management company. That is because security costs money, and even pennies of added expense eat into profits. "When you're talking about a cheap thing that's consumer grade that you're supposed to sell lots and lots of copies of, that really matters," he said. Refitting an X10 camera with encryption technology would be beyond the skills of most consumers. It is best for manufacturers to design security features into products from the start, because adding them afterward is far more difficult, Mr. McGraw said. The cameras are only the latest example of systems that are too insecure in their first versions, he said, and cited other examples, including Microsoft's Windows operating system. "It's going to take a long time for consumer goods to have any security wedged into them at all," he said. Another wireless camera, the DCS-1000W from D-Link Systems Inc., does offer encrypted transmission and ties into standard WiFi networks ? but it costs at least $350. As a security expert, Mr. Rubin said he was concerned about the kinds of mischief that a criminal could carry out by substituting one video image for another. In one scenario, a robber or kidnapper wanting to get past a security camera at the front door could secretly record the video image of a trusted neighbor knocking. Later, the robber could force that image into the victim's receiver with a more powerful signal. "I have my computer retransmit these images while I come by," he said, explaining the view of a would-be robber. Far-fetched, perhaps. That is the way security experts think. But those who use the cameras and find out about the security hole seem to grasp the implications quickly. Back at the Staples store in Madison, employees said they did not know that they were being watched by security monitors. The manager of the store, when asked whether he knew that his cameras were broadcasting to the outside world, seemed somewhat shaken, and excused himself to go into his office, he said, to put down the small display carousel he was carrying. He did not return. housands of people who have installed a popular wireless video camera, intending to increase the security of their homes and offices, have instead unknowingly opened a window on their activities to anyone equipped with a cheap receiver. The wireless video camera, which is heavily advertised on the Internet, is intended to send its video signal to a nearby base station, allowing it to be viewed on a computer or a television. But its signal can be intercepted from more than a quarter-mile away by off-the-shelf electronic equipment costing less than $250. A recent drive around the New Jersey suburbs with two security experts underscored the ease with which a digital eavesdropper can peek into homes where the cameras are put to use as video baby monitors and inexpensive security cameras. The rangy young driver pulled his truck around a corner in the well-to-do suburban town of Chatham and stopped in front of an unpretentious house. A window on his laptop's screen that had been flickering suddenly showed a crisp black-and-white video image: a living room, seen from somewhere near the floor. Baby toys were strewn across the floor, and a woman sat on a couch. After showing the nanny-cam images, the man, a privacy advocate who asked that his name not be used, drove on, scanning other houses and finding a view from above a back door and of an empty crib. In the nearby town of Madison, from the parking lot of a Staples store, workers could be observed behind the cash register. The driver walked into the store and pointed up at a corner of the room. "Take a look," he said. Above the folded-back steel security shutters was a nubbin of technology: a barely perceptible video camera looking down on the employees. "I can only imagine driving around the Bay Area with one of these," said Aviel D. Rubin, a security researcher at AT&T Labs, which identified the problem. Around San Francisco, high-technology toys like security cameras are likely to be far more common. Mr. Rubin tries to help the business world recognize security threats and address them. Although there is no evidence that video snooping is widespread, it is so easy and the opportunity to do it is so great that it is a cause for concern, said Mr. Rubin, who was along for the ride. Such digital peeping is apparently legal, said Clifford S. Fishman, a law professor at the Catholic University of America and the author of a leading work on surveillance law, "Wiretapping and Eavesdropping." When told of the novel form of high-technology prying, Professor Fishman said, "That is astonishing and appalling." But he said that wiretap laws generally applied to intercepting sound, not video. Legal prohibitions on telephone eavesdropping, he said, were passed at the urging of the telecommunications industry, which wanted to make consumers feel safe using its products. "There's no corresponding lobby out there protecting people from digital surveillance," he said. Some states have passed laws that prohibit placing surreptitious cameras in places like dressing rooms, but legislatures have generally not considered the legality of intercepting those signals. Nor have they considered that the signals would be intercepted from cameras that people planted themselves. "There's no clear law that protects us," Professor Fishman said. "You put it all together, the implications are pretty horrifying." With no federal law and no consensus among the states on the legality of tapping video signals, Professor Fishman said, "The nanny who decided to take off her dress and clean up the house in her underwear would probably have no recourse" against someone tapping the signal. Police officers with search warrants could use the technology for investigative purposes, as well, he suggested. Surveillance has been a growing part of American life, especially since Sept. 11. Video cameras have been installed on city streets, and some cities and airports have tried to tie cameras into facial recognition systems, with mixed results. Privacy advocates argue that the benefit to security is questionable and the intrusiveness is high. But the cameras continue to proliferate ? with many people buying them for personal use. Surveillance cameras have also sprouted at intersections to catch drivers who speed or run red lights and as a part of many voyeur-oriented pornographic Web sites. Ads for the "Amazing X10 Camera" have been popping up all over the World Wide Web for months. The ads for the device, the XCam2, carry a taste of cheesecake ? usually a photo of a glamorous-looking woman in a swimming pool or on the edge of a couch. But, in fact, many people have bought the cameras for far more pedestrian purposes. "Frankly, a lot of it is kind of dull," and most of the women being surreptitiously observed are probably nannies, said Marc Rotenberg, the executive director of the Electronic Privacy Information Center in Washington. He calls the X10 ads "one of the weird artifacts of the Internet age." The company that sells the cameras, X10 Wireless Technology Inc. of Seattle, was created in 1999 by an American subsidiary of X10 Ltd., a Hong Kong company. It is privately held and does not release sales figures. A spokesman, Jeff Denenholz, said the company had no comment for this article. Filings with the Securities and Exchange Commission for an initial public stock offering that was later withdrawn provide some figures, however. X10 lost $8.1 million on revenue of $21.3 million for the nine months ended Sept. 30, 2000, and said that 52 percent of its revenue came from wireless camera kits. At the camera's current retail price of about $80, that would translate to sales of more than 138,000 cameras in those nine months alone. Rob Enderle, an analyst at the Giga Information Group, a technology consulting business, said he was a big fan of X10 ? which sells the most popular wireless cameras on the consumer market ? and its wares. "Theirs is the least expensive option out there, and they actually do a good job," he said. Mr. Enderle was surprised to hear of the cameras' lack of security, but said he did not see a cause for great concern. "Clearly, if you are pointing that at areas like your bathroom or shower, there may be people enjoying that view with you," he said. "But fundamentally, you shouldn't be pointing it that way anyway." The vulnerability of wireless products has been well understood for decades. The radio spectrum is crowded, and broadcast is an inherently leaky medium; baby monitors would sometimes receive signals from early cordless phones (most are scrambled today to prevent monitoring). A subculture of enthusiasts grew up around inexpensive scanning equipment that could pick up signals from cordless and cellular phones, as former Speaker Newt Gingrich discovered when recordings of a 1996 conference call strategy session were released by Democrats. More recently, with the advent of wireless computer networks based on the increasingly popular technology known as WiFi, yet another new subculture has emerged: people known as "war drivers" who enter poorly safeguarded wireless networks while driving or walking around with laptops. In the case of the XCam2, the cameras transmit an unscrambled analog radio signal that can be picked up by receivers sold with the cameras. Replacing the receiver's small antenna with a more powerful one and adding a signal amplifier to pick up transmissions over greater distances is a trivial task for anyone who knows his way around a RadioShack and can use a soldering iron. Products intended for the consumer market rarely include strong security, said Gary McGraw, the chief technology officer of Cigital, a software risk-management company. That is because security costs money, and even pennies of added expense eat into profits. "When you're talking about a cheap thing that's consumer grade that you're supposed to sell lots and lots of copies of, that really matters," he said. Refitting an X10 camera with encryption technology would be beyond the skills of most consumers. It is best for manufacturers to design security features into products from the start, because adding them afterward is far more difficult, Mr. McGraw said. The cameras are only the latest example of systems that are too insecure in their first versions, he said, and cited other examples, including Microsoft's Windows operating system. "It's going to take a long time for consumer goods to have any security wedged into them at all," he said. Another wireless camera, the DCS-1000W from D-Link Systems Inc., does offer encrypted transmission and ties into standard WiFi networks ? but it costs at least $350. As a security expert, Mr. Rubin said he was concerned about the kinds of mischief that a criminal could carry out by substituting one video image for another. In one scenario, a robber or kidnapper wanting to get past a security camera at the front door could secretly record the video image of a trusted neighbor knocking. Later, the robber could force that image into the victim's receiver with a more powerful signal. "I have my computer retransmit these images while I come by," he said, explaining the view of a would-be robber. Far-fetched, perhaps. That is the way security experts think. But those who use the cameras and find out about the security hole seem to grasp the implications quickly. Back at the Staples store in Madison, employees said they did not know that they were being watched by security monitors. The manager of the store, when asked whether he knew that his cameras were broadcasting to the outside world, seemed somewhat shaken, and excused himself to go into his office, he said, to put down the small display carousel he was carrying. He did not return.