back to article Rogue ADT tech spied on hundreds of customers in their homes via CCTV – including me, says teen girl

A technician at ADT remotely accessed hundreds of customers' CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted. At least one of the victims was a teenage girl, and another a young mother, according to court filings. Last month, an ADT customer in Dallas, Texas, spotted and reported an …

  1. The Man Who Fell To Earth Silver badge
    WTF?

    His own email?

    No smart.

    1. Beeblebrox

      Re: His own email?

      Seven _years_

  2. Chris G Silver badge

    Wow! What a creep. It does point to a certain laxity on the part of ADT in the first place to ensure that any unauthorised access was not possible.

    From the article, it mentioned they were going to remove the unauthorised email address via a software update, that seems to indicate that access may still be possible by other means.

    Perhaps they should consider a full security audit on their kit?

    1. Mongrel

      "From the article, it mentioned they were going to remove the unauthorised email address via a software update, that seems to indicate that access may still be possible by other means."

      They were going to remove the ability to access the service mode via an update. It was this that allowed the perv to enter his e-mail in the field.

  3. Pascal Monett Silver badge

    "ADT failed to monitor consumers’ accounts"

    Right. Absolutely true. Just like White Star Lines failed to put enough lifeboats for all passengers.

    ADT is guilty of trusting its employees. A harsh lesson, and one that will bring down a raft of restrictions and technical difficulties that will indeed make it impossible in the future to do such things as spy on an underage girl. And that is undoubtedly a good thing. However, given that ADT threw the book at the guy and delivered him to the police, and pledged to do what was necessary to keep this from ever happening again, I do not see that that ADT should shoulder all the blame.

    Honestly, the technician was there to install the system. He has authority to define the email addresses that have access. Internal procedures already forbade any unrecognized manipulations, what more do you want ? The creep cheated. The system is not at fault.

    Now, ADT is going to have to modify the installation procedure to ensure that the technician has a list of approved email addresses, shows them to the customer and gets a signed approval, in order to ensure that this does not happen again. Because of one asshole, countless time and money will be employed to get customer approval of every address added to the system.

    That's exactly why we need laws : because of the 0.0001% of assholes who ruin everything for everyone.

    1. Glen 1 Silver badge
      Trollface

      Re: "ADT failed to monitor consumers’ accounts"

      "That's exactly why we need laws : because of the 0.0001% of assholes who ruin everything for everyone."

      Something something social distancing Covid-19

    2. fwthinks

      Re: "ADT failed to monitor consumers’ accounts"

      I would agree that ADT should not shoulder all the blame - but they are jointly responsible.

      On the good side, they collected logs and were able to trace the issue. However on the bad side, it took a customer to monitor the logs and alert them to the problem. Why were ADT not monitoring the logs? probably because it costs time and money - so almost certainly somebody in ADT made this trade-off that they did not want to pay this work to be done.

      Yes, you have to delegate control to employees and give them the ability to do their job, but every company is responsible for ensuring monitoring is not only in place but also regularly audited.

      1. johnfbw

        Re: "ADT failed to monitor consumers’ accounts"

        How would ADT monitor logs? Checking bob@adt.com doesn't have access is one thing (though of course bob might own the house); but there is no way to tell bob@hotmail.com is not genuine.

        Even cross referencing all the log on lists is impractical - corporate sites will have many identical users, security companies many have legitimate access across many sites, even someone owning multiple properties.

        The only thing ADT can realistically do is make sure owners check who has access to their systems and possibly enforce an audit every 6 months (which would piss off most users)

        1. Danny 14

          Re: "ADT failed to monitor consumers’ accounts"

          You dont have scripts or triggers for certain accounts accessing many systems? You dont have audit logs checking multiple account logins to multiple consoles? How about access audit logs for security and admin rights?

          How would you spot rogue admin accounts on your systems?

          ADT is a security company failing at security. Pretty shit job.

      2. DJO Silver badge

        Re: "ADT failed to monitor consumers’ accounts"

        but they are jointly responsible.

        But they are wholly responsible for allowing it to happen in the first place and not having protocols to prevent and detect abuse of their system, for that alone they should burn.

        But this is in the USA so it'll drag on for years, the 220 families will get a token payment and a "truly sincere" apology while the lawyers will get new yachts.

        1. Lotaresco Silver badge

          Re: "ADT failed to monitor consumers’ accounts"

          "But they are wholly responsible for allowing it to happen in the first place and not having protocols to prevent and detect abuse of their system, for that alone they should burn."

          Is the correct answer. This is evidence of shocking levels of not caring about security by ADT. It's negligence. As to "How would ADT monitor logs? " raised by someone else. That's what a SIEM is for, although monitoring logs is hardly a taxing task. Config changes should be reported to ADT/the customer.

          This incident is evidence that ADT was saving cash by skimping responsibility.

        2. Anonymous Coward
          Anonymous Coward

          Re: "ADT failed to monitor consumers’ accounts"

          DJO, any ADT technician onsite will need to be able to access the system, and there has to be a way for the residence owner to add or remove people, so all it takes is one rogue ADT tech breaking the rules when servicing the kit and you think the whole company should go down?

          If one of your relatives or friends broke the law but you didn't, should you be punished for it too? (Ignoring the offences of being an "accessory before, during or after" and of "aiding and abetting" by not reporting it, of which you would be guilty).

          1. DJO Silver badge

            Re: "ADT failed to monitor consumers’ accounts"

            so all it takes is one rogue ADT tech breaking the rules

            No, all it takes is ADT to design a system where abuse is both possible and able to remain undetected.

            Yes you are going to get "bad players" but surely we all know that, you know that, I know that, ADT know that so it is inexcusable for them not to have taken that into account when designing their systems.

            1. Danny 14

              Re: "ADT failed to monitor consumers’ accounts"

              Or perhaps the admin access is logged centrally so that ADT could contact the admins if necessary. Pretty fucking obvious if the same email turns up on many systems. Maybe the principal account holder needs to auth the additional admin manually. Perhaps the system periodically emails the principal with a list of what it has done etc.

      3. big_D Silver badge

        Re: "ADT failed to monitor consumers’ accounts"

        The problem is, how does ADT know the difference between a mail address the customer entered or an email address that was entered by an employee when visiting the customer? I assume it was private email address, so probably wouldn't have been suspicious in a log, on its own - just another gmail address, for example.

        If their system checked for the same address on multiple accounts, it might work - unless he created a different address for each account he compromised...

        I agree ADT has some fault here, but no matter how hard you make it, somebody will come up with a way around your precautions.

        1. EnviableOne Silver badge

          Re: "ADT failed to monitor consumers’ accounts"

          This is why there is a legal definition of due dilligence

          they dont have to make it impossible, they just have to make it unfeasably difficult or easily spotted and terminated.

          the least the system could do is check a new email address is on other accounts, check admin access by geo-location and or use behaviour analytics on access. It needs no human intervention and cost are resonable comapred to the cost of running the system

    3. Beeblebrox

      ADT is guilty of trusting its employees

      For ...

      Seven _years_

    4. MachDiamond Silver badge

      Re: "ADT failed to monitor consumers’ accounts"

      "The creep cheated. The system is not at fault."

      I beg to differ. I'll bet you a pony that ADT has procedures in place that prevent people in accounts payable from writing themselves a check for 6 figures. I doubt any employee or even an executive has sole authority to access an unusually large sum of money.

      Tech installs and configures the system and a random supervisor logs in and checks the configuration remotely when it's complete. Any anomalies in standards are called out immediately. Any indication the tech is installing a backdoor is met with a dismissal.

      It's not hard to create a system with checks and balances. Only the will to do it is lacking.

  4. Sykowasp

    Creepy peeper.

    Although as a parent (or more generally, a person who tries to think things through) I think I would push back on cameras in bedrooms/bathrooms regardless.

    And yes, the key thing about systems is that the owner should be notified when new accounts are added, maybe get a monthly report of users on the system, and more. Full audit trails of every configuration option too. I don't know if ADT have centralised access to accounts or if they're managed within the home only - but duplicate email addresses on multiple home installs could be flagged and investigated as well. I.e., basic business reports could have found this issue far earlier, but nobody thought that an employee would actually be tempted by the thought of some sneaky voyeurism?

    1. BebopWeBop Silver badge
      Facepalm

      'Push back'!!! I would neither do it myself (and I do have some security cameras in and around the house - although installed by me and locked down). No camera in any bathroom or bedroom.

      I would expect any sane individual not just to push back, but say GET THE FUCK OUT OF HERE.

    2. JimboSmith Silver badge

      This is the reason I have never connected my wifi camera to the internet. Mine is a swivel and pan job. I went to a major retailer of electrical goods which Hugh Dennis may do the voiceovers on their advertising. I asked the sales associate for a wifi camera that had swivel and tilt that didn't require an internet connection. I explained that I wanted to use it whilst at home to see when I was getting a delivery. He showed me one brand I knew did require access and didn't have swivel and tilt. I pointed this out and we looked at others all of which required the internet and in some cases a cloud storage subscription.

      After rejecting all of them the bloke says l'll need the internet so he can't see why I'm rejecting all these cameras. I said I specifically didn't want that and in a testy voice asked why I'd "need" it. How else would I be able to see it when out? I won't is my reply but then neither will anyone else.

  5. simkin

    Camera in bedroom?

    What morons would put a camera in a bedroom in the first place?

    1. vogon00

      Re: Camera in bedroom?

      Errrrrrrrr....morons?

    2. Androgynous Cow Herd

      Re: Camera in bedroom?

      The moronic kind

    3. John Brown (no body) Silver badge

      Re: Camera in bedroom?

      I can see that some people living in a single story home where all ground floor windows might be seen as a possible point of entry b y a criminal might go for a system like that. But even then, I'd be wary about when the cameras might be "live" and what they may record, where the images are stored and who might have access to those recordings. I suspect that it's "security consultants", ie sales people up-selling a system with more cameras than necessary.

      Personally I'd go with outside cameras set up so that the alarm is triggered if the camera faults or disappears from the system. Or maybe no cameras, just proper perimeter detection triggering alarms and lights.

      1. Anonymous Coward
        Anonymous Coward

        Re: Camera in bedroom?

        In that case (thinking from a responsible CCTV installer, not the ones or company in the article) would it not be better to install the camera outside and/or just looking out the window/across the window? As once inside, it's less useful to have the camera working?

      2. Lotaresco Silver badge
        Holmes

        Re: Camera in bedroom?

        "I can see that some people living in a single story home where all ground floor windows might be seen as a possible point of entry b y a criminal might go for a system like that."

        I live in a three storey house. It still has ground floor windows. Do criminals just give up with trying to get in through a ground floor window if the house isn't a bungalow?

        1. John Brown (no body) Silver badge

          Re: Camera in bedroom?

          "I live in a three storey house. It still has ground floor windows. Do criminals just give up with trying to get in through a ground floor window if the house isn't a bungalow?"

          Of course not. I was making a point about ground floor bedrooms and therefore why someone might want a security camera in a bedroom. If you are in a flat or apartment solely on the ground floor of your three storey house, then yes, this may still apply to you. I didn't specify a bungalow, I just specified an entirely ground floor dwelling. For the argument I was making, it was irrelevant if anyone was living on a floor above the ground floor dwelling.

    4. Steve 53

      Re: Camera in bedroom?

      I suspect the salesman was bonused on the number of cameras installed / size of deal, so if they can persuade them that cameras in the bedrooms are 1) Safe 2) A good idea then they'll sell more cameras and make more money.

      Only way to stop that is ADP having a corporate "No cameras in bedrooms FFS" policy, and even then the sales people will be grumpy about getting in the way of their ability to sell...

  6. Jamesit

    I agree with the comments able him being a creep. But WTF would someone have a security camera in their bedroom?!???!

    1. Anonymous Coward
      Anonymous Coward

      Yup. Seriously – I would not put a camera in my bedroom and then expect nobody to see the footage. I mean, even if it were used to solve a break-in or something, someone would have to go through all the other footage to find the pertinent bit, which would inevitably include things I'd really rather people did not see. CCTV has no place in bedrooms at all. They don't even do that in prisons, FFS.

  7. Anonymous Coward
    Anonymous Coward

    And this is why I don't do cloud based access.

    Yes I have CCTV at home and I can add a further 17 network cameras and 6 physical cameras onto it. But as good as the system is, I have it behind my firewall, running off a box I trust and can review access to at any time.

    Also, if I was ever going to add any cameras inside the house, they'd be on the ground floor or at worst, the stairs pointing down them. Never in any of our bedrooms. What goes on in there needs never be recorded... (Well except for that one video... But that's besides the point).

    As tragic as this is it could have been avoided if the temptation wasn't there due to cameras in private locations.

    That doesn't however remove that ADT allowed this to happen. Human weakness will always bring down these high ideals.

    1. Anonymous Coward
      Anonymous Coward

      Re: And this is why I don't do cloud based access.

      . Never in any of our bedrooms. What goes on in there needs never be recorded... (Well except for that one video... But that's besides the point).

      Could you upload it so we can judge for ourselves?

      1. jake Silver badge

        Re: And this is why I don't do cloud based access.

        "Could you upload it so we can judge for ourselves?"

        It's already available, with the rest of the junk stolen from the unaware. You can usually access it for yourself at IP address 127.0.0.1 ...

        1. Bob7300
          Alert

          Re: And this is why I don't do cloud based access.

          huh, All my stuff is on there!!!!!!

        2. jelabarre59 Silver badge

          Re: And this is why I don't do cloud based access.

          It's already available, with the rest of the junk stolen from the unaware. You can usually access it for yourself at IP address 127.0.0.1 ...

          Oh wow! Now I don't have to do backups anymore, all my stuff is saved on the cloud! I can clear up extra files too, since I can always re-download them from there...

    2. steviebuk Silver badge

      Re: And this is why I don't do cloud based access.

      What setup is that may I ask? I've been searching over and over for non cloud based, non subscription based CCTV but struggle to find anything.

      1. Adam JC

        Re: And this is why I don't do cloud based access.

        Almost every single camera manufacturer offers a non-cloudy offering;

        - Geovision/Hikvision (Taiwanese/Chinese.. make of that what you will)

        - Dahua (Also Chinese.. see above)

        - Axis (Swedish - Very expensive and poor value for money)

        - Samsung / Hanwha-Techwin - (South Korean - Moderately expensive)

        - Bosch - (German - Insanely overpriced and I believe some of their units are actually made in China now anyway)

        - Mobotix - (German - Horrifically expensive, pro-grade kit)

        The others are almost all rebranded kit. All of the above come with local recorder solutions which you don't have to even supply an internet connection to. Some have cloud options but again, you don't have to use them :-)

        1. Martin J Hooper

          Re: And this is why I don't do cloud based access.

          Synology has a camera system for their NAS's as well.

          https://www.synology.com/en-uk/surveillance

          Not sure if they are cloudy or not though

        2. Anonymous Coward
          Anonymous Coward

          Re: And this is why I don't do cloud based access.

          It's a Hikvision one. Originally designed for commercial properties along with our house alarm (I've seen a number of different small businesses use the same system).

          With regards to configuration I've monitored it's network traffic through wireshark and I've not seen anything I wasn't expecting from it.

          With regards to streaming externally, I've configured a DDNS host, changed the port numbers and stuck a stupidly long password for the externally available account (viewing only, no further control to the system). It's also got a blacklist for failed access attempts.

          Long term I might move to running it over an SSH tunnel for that added level of security but I've not seen enough attempts to warrant going that far yet.

          Anon.

          1. Anonymous Coward
            Anonymous Coward

            Re: And this is why I don't do cloud based access.

            Also for the record HIKvision open sourced a number of systems' firmware since 2017 - so if you've got the time and inclination you can have a nosy through that for nefarious Chinese/Russian/Iranian/North Korean/American/Bogey man du jour code that shouldn't be there.

      2. Anonymous Coward
        Anonymous Coward

        Re: And this is why I don't do cloud based access.

        Swann did a ton of them. But depends what country you are in.

      3. BebopWeBop Silver badge

        Re: And this is why I don't do cloud based access.

        Roll your own with a Pi - what's what we did.

      4. Lotaresco Silver badge

        Re: And this is why I don't do cloud based access.

        IP cameras, a Synology NAS and Surveillance Station works but there is a two camera limit as shipped in the box. If you want to add more cameras you need to buy a licence pack at around £50/camera or £160 for four cameras.

        1. Danny 14

          Re: And this is why I don't do cloud based access.

          Ubiquiti do cameras too. Not too bad pricewise.

          1. Adam JC

            Re: And this is why I don't do cloud based access.

            Ubiquiti cameras are absolutely piss-poor in almost every conceivable notion. Value for money, quality, interopability (No ONVIF!), you name it - Their networking kit is ace, but their CCTV stuff belongs in the same place as their equally pathetic VoIP phone escapade they briefly embarked on and that's in the bin.

  8. edris90

    They roll the dice on external security Services vs developing and administratoring in their own.... now they're upset that a piece of paper and a company namedl did not protect them from basic realities. When you outsource you lose control and are completely at the mercy of whatever underpaid disgruntled workers the contracted company managed to retain.

    the only people that should ever have physical access or be involved with the installation operation of your security system is you and the other occupants of the house.

    If you need to access your remote camera feeds, use a VPN gateway.

    If There's cameras in the bedroom then you can be pretty sure the dad is watching his daughter masturbate.

    1. BebopWeBop Silver badge
      Thumb Down

      Maybe in your somewhat distorted world?

    2. MrMerrymaker Bronze badge

      "If There's cameras in the bedroom then you can be pretty sure the dad is watching his daughter masturbate."

      You've spent too long on Pornhub during its lockdown freebie period.

      1. Lotaresco Silver badge

        "You've spent too long on Pornhub during its lockdown freebie period."

        Obligatory Quagmire reference.

  9. jake Silver badge

    ADT had logs going back 7 years?

    And they didn't notice until now?

    Some "security" company ...

    1. Anonymous Coward
      Anonymous Coward

      Re: ADT had logs going back 7 years?

      Calling ADT a security company is a bit rich, in the UK anyway. They now consist of a massive network of 'franchised' self-employed contractors. I've seen some of their work and quite frankly, it's ridiculous.

      - Internal grade CAT5 cheap-ass CCA ran over a factory roof, split wide open after less than 2 years and filled with water which killed all the cameras.

      - Daisy chaining power supplies together with jelly crimps, chocolate blocks,

      - CCTV DC12v power fed from a butchered 12V charger for a childs electric toy car, cellotaped and chocolate blocked to feed 4 cameras...

      - WD Green hard drives installed in a CCTV NVR/DVR...

      The list goes on, I've had multiple encounters with ADT's CCTV division and they are borderline dangerous at times. I don't know what their alarm side are like, but I'm not sure I'd entrust my home security to them based on prior dealings..

      1. clyde666

        Re: ADT had logs going back 7 years?

        Yep, plus one for the sellotape reference to power cables.

        Couldn't believe it when I saw it. All replaced within days.

  10. Kevin McMurtrie Silver badge

    Access controls?

    Does their billing system look the same or was video feeds of bedrooms just not important to protect?

  11. Anonymous Coward
    Anonymous Coward

    Not surprised

    As companies that are supposed to install a SECURITY system, always end up having shit security.

    The CCTV installers we used at work set up all the remote cameras with the same, easy to brute force passwords, and never bothered to switch on https. So all cameras, for years, were publicly available to the world if you knew the IP addresses. Until I joined and spotted it and suggested we may want to lock them all down.

    Then you have the local alarm company that put the alarm in my house before I bought it. Who's website is so poor, I'm shocked they are still in business. Half http, bits in https. Links to broken pages. Links to dead domains. One domain I purchased and redirected to my site instead.

    Speaking of that last bit you also have CCTV installers that go bust. So the sign on a beach on the Isle Of Wight that states there are CCTV cameras watching that area (there isn't). The domain address on the sign was now dead as the company had gone bust. So again, for the fun of it and in case someone ever looks that address up like I did. It redirects to my website :)

    1. Anonymous Coward
      Anonymous Coward

      Re: Not surprised

      Once registered nameofyourwebsitehere.com which just displayed a gif of clashing colours with text saying "your dev is lazy and doesn't check what they copy and paste"

      Wonder how many omg I've been hacked meltdowns that triggered lol

    2. Anonymous Coward
      Anonymous Coward

      Re: Not surprised

      Upvote but with the caveat that I'm not sure how legal those redirects are. Hope your day in court goes well should it ever turn up.

  12. chuBb. Bronze badge

    Hmmmm

    “This type of access could only occur because ADT failed to implement adequate procedures that would prevent non-household members from adding non-household email addresses,”

    And just how would adt or anyone be able to define household email addresses??? Sure you could write them on order form but you would always need the ability to change or add them. Is this so different from net connected baby monitors running default passwords and not just annother case of people having to face up to the need admin any net connected device they add to their home??

    While I have sympathy for the victims in so much that it happened, its just another I.D.I.o.T* leak just a particularly sleezy one. While the alarms were probably phone home to base station monitored verities, the owners if not adt should audit the defaults and at the very least change the admin password. If it was a cloudy portal then adt really should force account reviews every month at login, literally login confirm n number of people should have access to cams locks etc. No different to how access to key safes is conducted.

    *Insecure Defaults on IoT

  13. Tubz

    So ADT systems allow access from any old IP address so long as you have an account setup, not smart, going to cost them big $$$$ !

    1. Yet Another Anonymous coward Silver badge

      How do you remotely check your security cameras not from any random IP address?

      When it's installed do you specify all the work, travel and distant hotel wifi you will use to check if somebody is breaking in?

  14. gnasher729 Silver badge

    If you do this to 200 people, there will be _one_ who will take the law in his on hands. He should expect some severe beating.

  15. John H Woods Silver badge

    I have a bit of sideline ...

    ... in rural CCTV systems: watching your barns, horses, etc. First thing I tell any potential clients: any system that gives you the convenience of seeing your camera feed over the internet is - unless we are going to lot more money (and still no guarantees) - going to be visible to at least someone over the internet. You need to double check the frame of all fixed cameras and perhaps even put physical shields on PTZ cameras to ensure they can't see sensitive areas even if they can be moved remotely.

    Of course, most horses aren't that bothered about cameras (until one girl got enthusiastic and tried to remotely talk to her horse via the camera speaker!) but it's not unusual for a time-pressed groom to piss in the straw they're just about to take to the muck heap, rather than trek to the nearest toilet. Most of them couldn't give two hoots whether you see them or not, but you've got to make sure they know the cameras are there. (Of course I also have to explain to the stable owners/managers that such cameras absolutely may not be used to check on the work of one's staff).

  16. ComputerSays_noAbsolutelyNo
    Trollface

    retirement sentence

    While populists are quick to call for corporal punishment, even the death sentence, when some perv abuses a minor; nobody calls for similar measures for businesses.

    Why can't we sentence bad corporations to be mandatorily retired, i.e. all business' assets are sold off, the business goes out of existence.

    After all, it took millenia of cruel, draconian punishment for us humans, to prevent us from killing each other.

    Imagine all the shareholders of Equifax having their stocks dissolved by court order. *Poof* money gone. That will teach them making actual security a priority over fast profit.

    1. lglethal Silver badge
      Go

      Re: retirement sentence

      You dont need to kill the companies, you simply need to hold the company's Board and entire C-Suite responsible. If the CEO knows that he will go to Prison for his firm committing a crime (rather than just the firm paying some sort of fine), then he will make sure the firm does NOT commit a crime.

      When people are held personally responsible, they tend to be much more willing to sacrifice immediate profits to stay on the right side of the law.

      1. Yet Another Anonymous coward Silver badge

        Re: retirement sentence

        In this case it's difficult to see what more the company could do.

        When the system is installed on site the installation tech 'helps' a customer enter their account details, and also entered his own.

        Other than having a 2nd installer oversee the first, and another inspector inspecting that inspector....

        They could send a message to the customer listing all the accounts but would a non technical customer notice if the tech was at all smart about picking a name?

  17. chivo243 Silver badge
    Coat

    I've fallen and I can't get up!

    Security companies are parting fools and their money... Especially on the home front.

    https://en.wikipedia.org/wiki/I%27ve_fallen,_and_I_can%27t_get_up!

  18. Anonymous Coward
    Anonymous Coward

    Meh

    When CCTV started to blossom on every street and public building I was working testing the systems post-installation. The software had an option to store camera presets so that the operator could quickly return the camera to its "Home position" or have alternative PTZ settings for "known hotspots". In the first year it was obvious that some operators had added their own presets for bedroom windows, public lavatories etc. All of them dismissed from their jobs. One was weird, it zoomed in on a random garden. It turned out to be that of the next-door neighbour of the operator. There was a long-standing feud between operator and neighbour so she was using the CCTV to watch what her neighbour got up while she was at work. After that she had lots of time at home to watch her neighbour the traditional way, through the curtains.

  19. TrumpSlurp the Troll Silver badge
    Trollface

    Not in MY bedroom!!!!

    There are a number of posts focussing on the sexual aspects of monitoring bedrooms (and bathrooms). Can I respectfully suggest a couple of reasons:

    (1) You have young children and wish to monitor the baby sitter to detect any form of mistreatment.

    (2) You have an aged and/or disabled and/or vulnerable member of the household who requires agency care and you wish to monitor for neglect and abuse. Plenty of examples of cameras hidden in care homes to expose abuse. Extend this to full monitoring of an aged relative who lives alone for trips, falls and again (contract, probably) support staff.

    For those banging on about scanning logs for unauthorised changes being easy. I assume (not stated clearly) that initial installation would include the addition of email addresses to the system for authorised users. Part of the service might well be for the installer to add the addresses for the less technically able (or lazy) customer. One extra address seems easy, and as this is the initial install this forms the baseline to check against for unauthorised changes. I assume there are also legitimate addresses installed for supplier support or it shouldn't have taken 7 years to spot.

    So 20/20 hindsight from most, but no real suggestion about how to spot an email address which isn't authorised support and isn't a personal email belonging to a customer.

    Interested, though, that the feature being used to abuse the system can be turned off without apparently affecting the end user's ability to configure.

  20. EnviableOne Silver badge

    time for a backronym

    ADT = Any Dodgy Technician

  21. aelfheld

    Juvenal

    Quis custodiet ipsos custodes?

  22. A random security guy Bronze badge

    ADT does NOT sell security

    ADT just makes you feel good and complacent about security. In reality, most of their systems can be hacked. What you get is lower insurance premiums. And the hope that the burglars make off with your old toaster oven and not your life.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020