You’ve no doubt seen the explosion in home security cameras lately, particularly those that can hook up to a smart home assistant or a smartphone application. Some of the more popular models include Amazon’s Ring camera or the NEST products. But there’s also a huge, ever-growing market for cheaper technology manufactured in countries like China.
Well, an official report from Which? has found that many of these cheaper knock-offs have serious security flaws, and what’s more, they’re being sold by Amazon – one of the largest and most-trusted online retailers around – to unsuspecting consumers.
The ‘Which?’ study
According to researchers who work for consumer champion ‘Which?’, many cameras were found to have alarming security issues, yet a large number of these still had a large number of positive reviews on the retail website. As some shoppers choose their purchases by identifying the best-scoring products in their category, a huge numbers of customers could be led into purchasing unsafe hardware based on these reviews alone. Some such products even display the much sought-after ‘Amazon’s Choice’ label, further promoting them.
Which? tested four different cut-price models of camera that could be found on Amazon, all of which were low in price and promised to watch safely over young children. They found issues with the following devices:
- Sricam 720p – £26.24
- Victure 1080p – £29.99
- ieGeek 1080p – £32.99
- Vstarcam C7837WIP – £39.99
Both the Sricam 720p and ieGeek cameras use the same application, and both also share an inherent security issue. Each device transmits unencrypted Wi-Fi passwords over the internet, which could allow a hacker outside your home to connect to the device and control the cameras remotely themselves.
Think this is just scaremongering? Think again; it has been proven that this can be done, and though you should always take anonymous reviews with a pinch of salt, here are some excerpts from Amazon reviews on these affected products:
‘Do not buy this camera. There are serious security flaws with the software and the camera itself…. I thought all was fine until someone started speaking through the camera two nights in a row. If you do have one, be very careful about what it can see!’Amazon reviewer of ieGeek camera
‘One evening the camera moved on its own and someone spoke to us, this was extremely unsettling… Was a horrible feeling knowing people had been viewing our everyday lives.’Amazon reviewer of ieGeek camera
And for the Victure 1080p camera, ‘Which?’ confirmed that it was “worringly simple” to gain what’s known as ‘root access’ to the device. Root access hands full control of a system to a user and is usually reserved for software developers, but it means that a malicious third-party could have complete control over the camera.
And when it comes to the fourth offending device, the Vstarcam C7837WIP, it was found that the default credentials for accessing the device are set to ‘admin’ with an equally simple password. This is a practice that’s already been condemned by the government for such smart devices.
As a Which? Trusted Trader, we’re always fully supportive of research like this, as smart technology is such a new scene and there are bound to be future security issues like these. If you need any more advice around smart home devices, get in touch with WiseGuys on 0808 123 2820.