Many security device vulnerabilities start right at home. Direct smart home hacking isn’t nearly as common as some people fear, but when devices are infected by botnets, it’s typically because of weak Wi-Fi encryption, not using TFA and bad passwords. But it’s important to check how secure businesses are, too.

It’s a huge headache when a security company you use has a massive data breach, or has such bad internal security that employees can steal data or spy through cameras. But where do you turn if cloud video and account theft is your top concern? While no security company is perfect, some have far better track records than others when it comes to storing, handling and protecting data, as well as watching for and patching vulnerabilities. Here are my top recommendations.

Read more: What the Law Says About Police Seizing Your Home Security Videos

Ecobee

From smart thermostats to outdoor cameras, Ecobee offers an array of smart home offerings — and the company continues to have an excellent track record when it comes to both data security and privacy practices, making Ecobee a sure winner for those worried about what happens to their data. It’s also one of the only companies that combines a security cam live view, thermostat and smart speaker into one device

The Canadian company hasn’t experienced any major data breach events or other problems in its history, and consistently makes data decisions with the privacy of its users in mind. That includes not selling the information it collects, nor sharing it with third parties for advertising purposes or even analysis unless you sign up for the Donta Your Data program. Ecobee also pushed back on Amazon when it requested more data via its Alexa capabilities housed in some Ecobee devices, believing it would violate customer trust. A rare W, as they say.

Ecobee will even warn customers if it looks as though they’re using account names or passwords that are used on other websites, a dangerous mistake far too many of us make. This not only keeps your data more secure, but makes it less likely that a data breach on some other service will affect Ecobee’s security.  

Lockly

Lockly offers a wide variety of smart locks, including video smart locks that can capture video clips like a smart doorbell can. The brand’s practice of using localized data storage when possible as well as AES 128-bit encryption has kept Lockly squeaky-clean from successful hacking and data theft so far. The company also uses independent testing by cybersecurity assurance firm LRQA, and relies on US-based AWS servers for data storage, among other privacy practices.

If you don’t like putting your video data in the cloud and are interested in a company with an excellent security history, Lockly is an easy recommendation. The downside is the company specializes in front door devices and advanced smart safes, so it’s not a viable choice for other smart devices around the home.

Blink

Amazon owns two notable security brands: Blink and Ring. They differ in many ways, but one standout difference is their security history. Ring has been plagued by breaches, privacy lawsuits and instances of employees spying on customers. I continue to recommend certain Ring devices now that it’s improved over the past several years, especially if you’re willing to turn off more invasive features, but for a pure privacy focus, Blink is a night-and-day alternative.

Amazon bought Blink as a startup in 2017, adding the company’s security cameras and video doorbells to its portfolio. Since then, Blink has remained largely scandal-free, with no data breaches or security slip-ups to threaten private information. The only notable vulnerability discovered in the cams back in 2019 was quickly patched before it became a threat.

Another point in Blink’s favor: While the company does offer cloud storage for video, you can purchase a compatible Module hub and connect a USB drive to use local storage instead. While Blink also offers AI plans to get video descriptions and daily summaries, it doesn’t have anything like Ring’s Neighbors platform to share video with police or let it be analyzed for other purposes.

However, keep in mind that Blink is still an Amazon brand, and Amazon will be using what data it can for internal use. It may not be stolen, but it could still be used for targeted marketing. You may also want to avoid using the integrated Alexa capabilities if you’re worried about what the voice assistant will do with your data. Fortunately, voice assistants don’t add much value to security cameras anyway.

Reolink

Reolink has long focused on security cameras that put all the power in the hands of its users, and is frank about the challenges of smart device security. The company focuses on local storage via options microSD card add-ons or Reolink NVRs. What AI recognition the company uses is housed locally in its cams as well (similar to Eufy’s privacy-focused approach, although Eufy’s track record in data security is sadly lacking).

Reolink has a strong history of protecting its company data and working to keep customer data out of reach, including offering plentiful PoE options for those who want to avoid Wi-Fi entirely. However, I will flag one incident in 2021 that exposed three Reolink P2P cameras to potential malicious access. This vulnerability appeared to be unique to those P2P cameras and has not been an issue since. Otherwise, Reolink hasn’t had notable problems using AES and RSA encryption with AWS services and following TLS standards for cloud data. 

What about Google Nest and Google Home?

I like many Nest/Home products, but Nest’s approach to security and privacy is a mixed bag. Similar to Amazon, Google is happy to gather as much data as possible and has been sued multiple times for violating privacy restrictions set by states and countries.

While Nest itself has remained largely free of vulnerabilities thanks to Google’s own security policies, a couple of notable issues give me pause. There was that infamous incident where early Home speakers accidentally eavesdropped on users in 2017 (something that has not happened since).

More recently, a study found that promptware or Gemini AI prompt injections could be used to take over connected smart home devices. Basically, researchers found they could hide AI commands in innocuous places (such as emails or the end of Calendar event descriptions) that could control things such as smart heating devices and smart locks. Google patched this problem before the researchers published their findings, but it’s still a sign of how connecting to today’s AI services can also create new problems.

So, while I use some Nest security devices myself and recommend them in the right situations, they aren’t my first choice if you’re laser-focused on data security.

What if I don’t want a company to use my data internally?

Almost every company will use your data for analysis of some kind, such as your security app activity. Lately, many are also recruiting videos to train their AI if you sign up for cloud storage. Your best bet is to look for companies such as Ecobee that require you to opt in for sharing data for wider purposes, and companies that offer settings to automatically erase stored data or not to use it for analysis. Setting up your own privacy zones can also help limit what companies have access to. 

For more information, check out my guide on the Alexa settings you should change for privacy, and the best steps to thoroughly wipe your home address from the internet



Read the full article here

Share.
Leave A Reply

Exit mobile version