Amazon selling home security cameras with huge security flaws
03 Oct 2019
Which? has warned that Amazon is listing and recommending wifi enabled cameras that leave owners exposed to hackers.
The consumer champion claims thousands of people are “being duped” by Amazon-recommended security products which put consumers at risk.
Which? researchers carried out tests on six wireless cameras and found serious security flaws – despite all of them having thousands of apparently positive reviews and earning a coveted “Amazon’s Choice” recommendation.
Issues included weak passwords, strangers being able to remotely take control of the camera to spy into homes and unencrypted data, which could potentially allow a hacker to gain access to any of the devices connected to a home wifi network.
The cameras Which? tested
Which? carried out lab tests on four cameras: the Victure 1080p, Vstarcam C7837WIP, ieGeek 1080p and Sricam 720p.
Researchers found it easy to gain “root access” to the Victure 1080p – which would enable a hacker to take complete control of the camera and view footage.
With the Vstarcam C7837WIP, researchers were able to recover the username and password for the administrator account after carrying out simple online checks. A hacker armed with this information would be able to completely control the camera’s settings.
The ieGeek 1080p and Sricam 720p cameras appeared to share an app – and a security flaw. In both cases, wifi passwords were sent unencrypted over the internet when a user entered them. This would enable an attacker to access the user’s home wi-fi network, see what users are browsing and even gain access to data – including browsing history – stored on other devices connected around the home.
Which? carried out further tests with a US-based security expert who was able to remotely access and take control of the Elite Security, Accfly Camhi APP Outdoor Security Camera 1080P and the Vstarcam C7837WIP that had been tested in the lab.
He was also able to hack into the video feed on the Elite Security camera when it was set up in the home of a Which? employee.
Difficult to contact companies
When Which? attempted to contact the manufacturers of these cameras to alert them to these security flaws, it proved impossible to trace them.
Of the top 50 best-selling surveillance cameras on Amazon.co.uk, 32 are made by companies with limited contact details – 31 of which are registered in China – and sometimes no web presence beyond the online stores where they are sold.
Which? discovered a complex and challenging web of different companies involved in producing these cameras, which are often cheaper than well-known brands.
Which? asked Amazon to remove these products from sale and is calling on the company to systematically monitor customer feedback and investigate those cases where consumers have identified issues with security. When Which? shared its findings with Amazon the company declined to comment.
Adam French, consumer rights expert at Which?, said: “There appears to be little to no quality control with these sub-standard products, which risk people’s security yet are being endorsed and sold on Amazon and finding their way into thousands of British homes.
“Amazon and other online marketplaces must take these cameras off sale and improve the way they scrutinise these products. They certainly should not be endorsing products that put people’s privacy at risk.
“If they refuse to take more responsibility for protecting consumers against these security-risk products then the government should look to make them more accountable.”
Which? top tips on how to secure home cameras
- Change any passwords. A common flaw with wireless cameras is that they often have weak default passwords that are simple for an attacker to work out. Check the app or camera settings to see if you can change it to a more secure password.
- Consider where the camera is placed. While a camera faced on a driveway or front door might be OK, avoid places such as a bedroom, bathroom or anywhere where a baby or young child might be.
- Be wary when considering a purchase from a brand that you don’t recognise or can’t easily find out more about from a quick search online.
- If in doubt, turn the camera off.
Written by: Emma Lunn
Source: Your Money