Amazon’s Blink security cameras at their lowest prices – but how safe are they?

Safe security cameras. Place your bets...
26 February 2024

Can Blink security cameras be hacked?

• Blink security cameras are currently available at extremely low prices, given their reputation.
• But Amazon cameras and video doorbells have a history of serious privacy concerns.
• Can Blink security cameras be hacked?

Amazon’s range of Blink home security cameras are at their all-time lowest prices, attracting new customers to these popular devices. These cameras are renowned for being cheaper than most of their competitors, but these latest price cuts take their affordability to a whole new level.

With competition on the home security camera market stronger than ever before, these price reductions seem to be a ploy to attract new customers. You could be forgiven for thinking the cameras must be low quality given their low prices, but Blink security cameras are renowned for being reliable wireless security devices with excellent battery life.

There must be a catch…right? Well, according to some reports, there are growing concerns regarding the privacy of these (and other) cloud connected devices.

Blink security cameras also come in the form of video doorbells, featuring HD video, motion detection, night vision, two-way audio, and local storage. There is also the option to subscribe to a cloud service storage if required. There is a downloadable Blink Home Monitor app, so homeowners can keep track of everything when they’re away. And, being Amazon, it’s no surprise that the cameras are compatible with Alexa. As Amazon says, “Blink and you’re home,” though we’re not sure what this slogan has to do with home security. According to some, a more appropriate slogan would be, “Blink and your data may be hijacked.”

Security vulnerabilities reported by some Blink users

There have been some reports of security issues with Blink cameras, but most have been swiftly dealt with by firmware updates by security researchers.

These vulnerabilities, though, have raised concerns, with some worrying their information and video footage could be hijacked. Then again, this is a concern with most security cameras, particularly those connected to the cloud.

When we look into Amazon’s history of security cameras, it seems the concern is warranted. Ring, another brand of security camera acquired by Amazon in 2018, has experienced a wide range of security and privacy problems over the last few years. And it’s not just the owner’s privacy at stake.

In 2021, Mr. Jon Woodard of the UK was told he had to pay his neighbor £100,000 after a court decided his Ring doorbell broke data laws and caused harassment. His neighbor felt she was under “continuous visual surveillance,” leading to the substantial claim. The lesson here is to never point your security camera at your neighbor’s bedroom.

Amazon has also had to pay out large settlements in Federal Trade Commission (FTC) settlements over Ring and Alexa privacy violations. Totaling $30 million, Amazon had to pay $5.8 million to settle with the FTC over Ring privacy violations and $25 million for Alexa privacy vulnerabilities.

The FTC alleged that Ring gave third-party contractors access to customer videos, compromising customer private information. It was also alleged that fundamental security measures were not implemented by Ring to protect a user’s information from online threats, such as “brute force” attacks. One Ring employee is said to have watched thousands of videos of over 81 female users, who were identified through cameras designated for use in private or intimate settings.

Amazon acquired Blink almost a year before Ring, and, although Blink says is “is not in the business of selling [its] customers’ personal information to others,” it does collect data on users (it’s run by Amazon, after all).

The main question is this – can Blink cameras be hacked? Theoretically, yes – because these devices are wireless, they come with the risk of being hacked, as they can be accessed through the internet. The good news, though, is that there have been no official reports of this happening – yet.

Blink security cameras - are they more secure than Ring was?

Blink security cameras – are they more secure than Ring was?

The fact that Blink cameras have a local storage option means users don’t have to store videos on the cloud, providing better privacy than many other cloud-based security systems.

Further protection comes in the form of encryption. As Blink cameras typically stream footage using a wi-fi connection, Blink uses WPA2 wi-fi channels for encrypted streaming of videos, in the hope to prevent hacking through wireless devices. Information is further protected with Advanced Encryption Standard (AES), too.

As we mentioned, though, Blink security devices can still be hacked. A leading cybersecurity firm, Tenable Inc, experimented with the Blink ST2 model, finding several vulnerabilities and unsafe pathways within the wireless camera.

Such flaws could give a hacker access to the camera – and the live audio feed. Not only that, but Tenable Inc discovered hackers may also be able to hack other smart gadgets through a Blink camera. Out of the seven privacy issues, two were critical, including command injection flaws CVE-2019-3984 existing in Blink’s cloud communication endpoints, and CVE-2019-3989, existing in the device’s helper scripts. Amazon has responded to these privacy vulnerabilities, rectifying the severe security flaws.

How a Blink security camera can be hacked

There have been no official reports of Blink cameras being hacked through the internet, but, like any loT device, they can be hacked either remotely or locally.

Blink cameras - too good to be true?

Blink cameras – too good to be true?

When hacked locally, the hacker gains access to the wireless network the camera utilizes, getting access to the local network. Sometimes, they will use a jammer to block the real network or use security breaches before using a fake network to get access to the camera. Fortunately, a hacker typically needs to be within close range, so this type of hacking is rare.

Remote hacking is the most common type with devices like Blink security cameras. A hacker will use a method known as “credential stuffing,” and scan for login details via data breaches or security gaps. From here, the hacker can view the camera password and username, spying on a camera without the owner’s knowledge. They may even change the camera’s settings, locking the owner out.

Blink cameras remain one of the most popular security devices out there, and Amazon’s recent price reductions may be a move to attract new customers, and move on from worries and threats of hacking.