If a company develops a wireless hardware device with an embedded Web server, is wireless security sufficient?

Suppose the Acme Webcam can connect to a home network over a Wi-Fi link. This Webcam has an embedded Web server enabling a viewer to access it and view its images using any Web browser. The company plans to market the Webcam as a security camera that enables customers to view their homes from the office or while on vacation.

The Wi-Fi link, between the camera and the customer's wireless router, must be secure to prevent a burglar or a voyeur from sitting outside the customer's home with a laptop and a Wi-Fi card and intercepting and viewing the transmitted data. Standard wireless security measures, such as WEP or WPA secures this link.

However, to prevent anyone on the Internet from seeing inside the house, the link must be encrypted all the way from the Webcam to the browser: Wireless security alone is insufficient to properly protect a device that is accessed remotely. SSL is the standard way to secure transmission from a Web server on the Internet. Banking and e-commerce Web sites use SSL to keep customer banking information and credit card numbers safe. By now, consumers are familiar with secure Web sites: they can identify one by locating the familiar closed padlock  in a browser before entering any sensitive data.

Note: A device secured by AutoSSL does not need any additional security (such as WEP or WPA) if all local access to it is secured.