Study author Gareth Tyson from QMUL told CNN that data uploads of the unencrypted data increase when a camera is recording something moving, so an attacker could tell if the camera was uploading footage of someone in motion, and even different types of motion like running or sitting. The risk is that “someone who is specifically targeting an individual household rocks up outside with a device to try and start passively monitoring traffic,” he said. Tyson told CNN that an attacker would require a decent level of technical knowledge to monitor the data themselves, but there is a chance that someone could develop a program that does so and sell it online. Noting that he hasn’t seen any direct evidence of this kind of attack taking place, he said one potential use would be if someone wanted to burgle your house.
Tyson says companies could randomly inject data into their systems to make it harder for attackers to spot a pattern.
The study has been published at the IEEE International Conference on Computer Communications.