If you are researching video doorbells, I’m sure you have run across news stories about various security flaws, such as Ring users still being able to log in with old passwords. Naturally, these stories raise the question: “Are video doorbells secure?”
Yes, all video doorbells include a level of security called encryption. In addition, there is a layer of security where your data is stored and at your wireless network. Most doorbells support WPA, WPA2, and WEP security at the router level. Also, these video doorbells support AES-level encryption at rest and in transit.
Continue reading as I describe what encryption in transit, encryption at rest, AES, WPA, WPA2, and WEP mean to you. Also, I will discuss various encryption levels and provide real-world examples. Finally, I will provide examples of encryption for various doorbells.
Warning: this post will be very technical.
Before we begin, let’s spend a few minutes defining encryption.
What is Encryption?
Basically, encryption is taking data, usually a message, and converting it into a code that only relevant parties should know. Data can be encrypted in transit (while it’s being sent to another party) or at rest (not being sent). We will discuss these two types of encryption shortly. Here is a slightly better definition of encryption I just thought of: encryption is converting data into code that can only be read by intended parties. Intended parties will have the ability to decipher the code to put the message back together in its original form. Believe it or not, we encrypt our messages every day. Below are a few examples:
- Spelling out words so your kids don’t know what you’re talking about
- Using slang
- Coded messages when talking about a fellow coworker
- Using hand signals instead of speaking
Encryption is common in our everyday lives; we just don’t realize we’re doing it. Computer encryption is a little more difficult than spelling words. While there are varying levels of encryption, it usually consists of secret keys that are used to decrypt messages. The decryption keys are sent at a different time, and only the parties communicating will have access to the keys.
As I mentioned, there are two types of encryption: encryption in transit and encryption at rest. Let’s spend a few minutes discussing the two types of encryption.
What is Encryption at Rest?
Encryption at rest simply means data is encrypted while it is
It is possible to encrypt individual files or entire hard drives. Also, you may need a username and password to view these files. It is very common for companies like Amazon Web Services and Google Cloud to encrypt proprietary data while it is at rest, because if that data ever got out, they would be attacked by hackers and charged by government agencies.
Now that we’ve talked about encryption at rest, let’s spend a few minutes discussing encryption in transit.
What is Encryption in Transit?
Encryption in transit is simply data being encrypted while moving from one place to another. Usually, the data is moving over the internet where it is the least secure. When data is sent over the internet, there are a few ways that someone can intercept the data. Hackers can intercept the data, change the data, or add to the data, all of which would not be good for the sender or receiver. Encrypting the data while it’s being sent can reduce some of those potential issues.
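Here is an added example (not part of the original post) of how the "change the data" and "add to the data" cases get caught. Protocols such as TLS attach an integrity check to every record they send; the sketch below shows that idea with HMAC-SHA256 from Python's standard library. The frame layout, key and messages are assumptions made for the illustration, not any doorbell's real protocol.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def seal(key, seq, payload):
    """Sender side: 8-byte sequence number + payload + tag over both."""
    header = seq.to_bytes(8, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.next_seq = 0  # the only sequence number accepted next

    def accept(self, frame):
        """Return the payload, or None if the frame was changed, added or replayed."""
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None                             # changed or added in transit
        if int.from_bytes(body[:8], "big") != self.next_seq:
            return None                             # old frame sent a second time
        self.next_seq += 1
        return body[8:]

def demo():
    key = secrets.token_bytes(32)  # constructed shared secret
    rx = Receiver(key)
    f0 = seal(key, 0, b"motion at front door")
    f1 = seal(key, 1, b"door opened")
    changed = f1[:8] + b"door closed" + f1[-TAG_LEN:]          # payload swapped
    added = (1).to_bytes(8, "big") + b"all clear" + bytes(TAG_LEN)  # no valid tag
    return {
        "genuine": rx.accept(f0),
        "changed": rx.accept(changed),
        "added": rx.accept(added),
        "replayed": rx.accept(f0),
        "genuine_next": rx.accept(f1),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} -> {result}")
```

The tag only proves the data was not altered; hiding the contents from someone listening in is the job of the encryption itself.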
What are the Encryption Lengths?
Encryption levels can get very confusing and layered, so for the purposes of this post I’ll try to be very brief. Encryption is such a big topic that people dedicate their entire lives to it, and this one blog post will not be able to do the entire subject justice.
Most devices on the internet use the Advanced Encryption Standard (AES), but there are others. AES uses a type of block cipher to encode and decode messages. Within this standard, there are currently 3 levels: 128, 192, and 256 bits. These three levels, also called sizes, refer to the different key lengths. All three lengths have a block size of 128 bits.
In general, the longer the length, the more difficult it would be to access without the associated key. Most banks use AES 256 when sending and receiving transactions. In addition, the US Federal Government also uses the highest length when sending secret and top secret information.
Now that we have a broad overview of encryption, let’s take a look at the encryption video doorbells use. There are other types of encryption, including WPA, WPA2, and WEP, but we will save that for the WIFI section of this post.
What Type of Encryption do Video Doorbells Use?
In general, most video doorbells use one of the lengths discussed earlier in this blog post. In addition, some video doorbells are also SOC compliant, which means video doorbell manufacturers securely manage your data to protect your interests.
Let’s take a look at a few examples of video doorbell security.
I spent some time searching through forums, their FAQs, and other places on the internet, but I was unable to find if they use AES. I was surprised to see that they may not use AES because their owner, Amazon, uses AES for storing files in their cloud storage service (Simple Storage Service, S3).
Solium is a new video doorbell to the marketplace, but they have one of the highest levels of security around. They are SOC II compliant, utilize tier III data centers, encrypt data in transfer using Transport Layer Security (TLS), and secure data at rest with AES 256.
The Nest Hello also uses TLS when sending data to the cloud. In addition, all of its data is AES 158 bit encrypted while it’s at rest in the cloud. Finally, Hello uses multi-factor authentication (MFA) when accessing data. While it wasn’t discussed in this post, MFA uses two steps to verify you are who you say you are. MFA uses what you know (password) and what you have (mobile device) for verification.
If Video Doorbells are Secure How Do They get Hacked?
I’m sure you’re thinking: if video doorbells have such high levels of encryption, why do some of them get hacked?
Most of the time, it’s the end user’s fault. The homeowner doesn’t secure the device, the router, or the WIFI password, which makes it very easy for hackers to gain access to your system. As I mentioned in another post, there are several websites where you can watch live videos of unsecured security cameras.
If you take these very basic steps, you can prevent your video doorbell from being on the list of devices hacked:
- Rotate your passwords
- Make your passwords more difficult than ‘password,’ ‘password123,’ ‘12345,’ ‘11111,’ etc.
- Do not use the default password
- Do not give out your router password to anyone who asks
- Change or create a username and password for your router
What Type of Encryption do they Use in the Cloud?
Now I’m going to confuse you a bit more: there are another two types of encryption for the cloud, client-side and server-side. Basically, this means where the encryption is occurring. Client-side usually means you or me, and server-side usually means a corporation like Amazon Web Services.
Both of these types use the same AES level of security. In addition, with services like AWS S3, they allow you to encrypt your data throughout the entire process. Because I know that AWS S3 has the ability to encrypt data, and Ring uses this service, is our data encrypted as it sits in the cloud?
About my Apps, are they Encrypted?
In general, if an app has a username and password, or requires face or hand recognition, it is secure. Like other usernames and passwords, it is dependent on the user to create strong usernames and passwords to prevent hacking.
- Wired Equivalent Privacy (WEP)
- WIFI Protected Access (WPA)
- WIFI Protected Access 2 (WPA2)
WEP is the oldest WIFI encryption protocol in the wild. However, it is the least secure and should not be used at all.
WPA and WPA2
These two protocols require users to enter a security password to access the wireless network. These two protocols are frequently updated to patch security holes and adapt to the newest technology.
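To tie the password steps listed earlier together with the WIFI protocols above, here is an added example (not from the original post) that checks a router's settings against them. The settings format, the 12-character minimum, the factory-login list and both sample routers are assumptions made up for the illustration.

```python
# Passwords the post names as too easy to guess.
WEAK_PASSWORDS = {"password", "password123", "12345", "11111"}
# Factory logins many routers ship with (assumed list for this example).
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password")}
MIN_LENGTH = 12  # assumed minimum length, not a figure from the post

def password_problems(pw):
    """Return the reasons a password is easy to guess (empty list = fine)."""
    problems = []
    if pw.lower() in WEAK_PASSWORDS:
        problems.append("on the well-known weak list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    kinds = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
             any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(kinds) < 2:
        problems.append("only one kind of character")
    return problems

def audit_router(cfg):
    """Check one router's settings against the steps listed in the post."""
    findings = []
    security = cfg["wifi_security"].upper()
    if security in ("WEP", "OPEN"):  # the post: WEP should not be used at all
        findings.append(f"wifi_security: {security} in use, switch to WPA2")
    for field in ("wifi_passphrase", "admin_password"):
        findings += [f"{field}: {p}" for p in password_problems(cfg[field])]
    if (cfg["admin_user"].lower(), cfg["admin_password"].lower()) in DEFAULT_LOGINS:
        findings.append("admin login: still the factory default")
    if cfg["wifi_passphrase"] == cfg["admin_password"]:
        findings.append("admin_password: same as the WIFI passphrase guests get")
    return findings

# Constructed sample settings, not taken from any real device.
WEAK = {"wifi_security": "WEP", "wifi_passphrase": "password123",
        "admin_user": "admin", "admin_password": "admin"}
HARDENED = {"wifi_security": "WPA2", "wifi_passphrase": "coral-Lantern-47-drizzle",
            "admin_user": "porch-admin", "admin_password": "Maple!orbit9_quartz"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_router(cfg) or "no findings")
```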
Alright, I tried to keep this post
The biggest takeaway should be that a portion of security relies on you, the owner of the video doorbell. If you do not take the basic steps, like changing the router username and password, it won’t matter how secure the video doorbell is. Without assistance from the end user, nothing is totally secure.