Amazon is putting consumers at risk by listing and recommending cameras with security flaws that leave their owners exposed to hackers and snoopers according to a new Which? investigation.
The consumer association carried out extensive tests on six wireless cameras and found serious security flaws despite the fact that these devices have thousands of positive reviews and were even able to earn a coveted “Amazon's Choice” recommendation. To make matters worse, many of these devices are marketed as being suitable for use as baby monitors.
The investigation found a number of issues including weak passwords and strangers being able to remotely control these cameras to spy on users and access their unencrypted data.
- Amazon is launching its own version of Wi-Fi
- Your printer: it's a vulnerable, connected device
- IoT devices becoming an increasing security risk
Which? Was first alerted to these problems by industry experts and comments in Amazon reviews including a rather shocking one from a father who said he had “chills down his spine” after hearing a mysterious voice coming from a camera next to his child's crib after it was apparently hacked.
Connected camera security issues
Which? carried out lab tests on four cameras suspected of having security issues: the Victure 1080p, Vstarcam C7837WIP, ieGeek 1080p and the Sricam 720p.
It was quite simple for the testers to gain root access to the Victure 1080p which would enable a hacker to take complete control of the camera and view footage captured from the device as they pleased. The Vstarcam C7837 had a default username that was set to the basic 'admin' as well as an easily guessable default password.
The ieGeek 1080p and Sricam 720p cameras both use the same app and because of this, both devices share the same security flaw. Which? found that WiFi passwords were sent unencrypted over the internet when a user entered them on both devices. This would enable an attacker to access the user's home WiFi network to see what users are doing on the web and even gain access to data stored on other devices in their home.
Some of the cameras the consumer association looked into even had their passwords and usernames written clearly on the side of the product and users frequently uploaded pictures of them alongside reviews. This opens up users of these devices to potential attacks regardless of whether or not the posted the picture as once the information is out there, hackers can easily use it to their advantage.
Which? has asked Amazon to remove these products from its store but when the group reached out to the e-commerce giant, the company declined to comment.
- We've also highlighted the best VPN services of 2019
No comments yet.