posted 03-25-2002 02:11 PM PT (US)
Cracking X10 Cams
By Avi Rubin
March 25, 2002
Go to any major Web news site or popular portal -- and odds are that a "pop under" ad will slip onto your screen underneath the content you are browsing. When you close the window -- surprise! -- there's the ad.
One of the most common ads these days is for an X10 wireless camera. Since it requires no cables, this ingenious little device can be put just about anywhere. The X10 camera transmits captured images over the air waves at 2.4 GHz. A receiver can be connected to a computer anywhere within range and the images will be stored on the PC's hard drive.
There are many uses for such a technology. Some people install the cameras to watch their little babies in their cribs. Others keep tabs on the babysitter or nanny. Businesses use them as security cameras, and still others use them in less reputable ways to catch a sneak peek of unknowing neighbors.
While the camera and the receiver can communicate with ease over a certain range, there is nothing to prevent someone with another receiver from picking up the signal as well. Such eavesdropping is utterly undetectable, and by using an external antenna the range of signal interception can be dramatically increased.
Driving around Summit, New Jersey, with a receiver equipped with just such an antenna, we dug up plenty of interesting results. We intercepted pictures from a well-known retail outlet that uses X10 cameras for its security surveillance. We snagged pics of babies in cribs, babies with nannies, and other interesting sights.
Easy to crack, hard to defend
As this technology proliferates, so does the potential for abuse. The ability to spy on others is outpacing the available technology for protecting personal privacy. It is clear that X10 cameras may be catching on, but security concerns are as unpopular as ever.
Most people assume that if they use such a camera, then others cannot access the images -- just like with a cordless phone, where people tend to forget that their airborne conversation can easily be tapped.
View larger image
Wireless LANs suffer from similar problems, but in that case the solution is to encrypt traffic. Traffic can be encrypted at the network layer using something such as IPSEC. Unfortunately, the protocol built into 802.11, called wired equivalent protocol (WEP), is totally inadequate. (If you need proof, read up on war driving.) X10 cameras cannot encrypt as easily as can 802.11 because the signal is analog, the same as cordless phones.
If you use X10 cameras, your security options are limited. Your best protection is to assume that anyone driving by can see the images captured by your cam, so don't use it to record your romantic escapades.
If you're worried that someone is spying on you with a hidden X10 camera, get an X10 receiver and scan the channels for a signal emanating from your area.
Avi Rubin is a principal researcher at AT&T Labs -- Research and a member of the board of directors of USENIX, the Advanced Computing Systems Association.