More than 100,000 indoor security cameras across UK homes and businesses may have critical security flaws that make them vulnerable to hacking, an investigation by Which? has found. Owners of wireless cameras that use the CamHi app could be at risk of having their home or business spied upon by cyber-criminals, in addition to having data stolen or other devices targeted, according to the analysis.
Although many cameras have been removed from sale, many remain available from online marketplaces such as Amazon, eBay and Wish.com, and include popular brands like Accfly, ieGeek and SV3C. Over 12,000 were activated in UK homes in the last three months alone, and Which? believes there are around 3.5 million of these camera types in use around the world, mainly in Asia.
The investigators believe 47 different brands worldwide have a critical flaw in their camera design and software. This could allow hackers to access the video stream to spy on homes as well as talk to people if the camera has a microphone. Additionally, they could potentially steal or change passwords, discover the exact location of the camera location and target other devices connected to the same network. Even changing the password may not protect against such attacks.
Commenting on the findings, Jake Moore, cybersecurity specialist at ESET, said: “The massive growth in Internet of Things (IoT) devices placed in the home and office provides the perfect opportunity for cyber-criminals to make money from particular types of malware. IoT devices are far too often packaged up with weak (if any) built-in security features, so the public are on the back foot from the outset. Security updates also tend to be infrequent which puts further risks on the owner.
“Updates and 2FA are critical but you may need to ask yourself if you really need your security camera online 24/7. If the cameras still record on the premise, they may not need to be online at all, preventing the risk of an attack altogether.”
Last month, the UK government launched a program to incentivize the creation of design schemes that test the security of IoT products due to the growing prevalence of these kinds of devices in households.