Cheap Security Cameras on Amazon May Invite Hackers into Your Home

An investigation by consumer group Which? revealed that an estimated 50,000 wireless security cameras in the U.K. and 2 million worldwide come with serious security flaws that allow hackers easy access into the homes of consumers.

Most of these cameras are cheap and have positive reviews in the hundreds and even thousands on Amazon. Shoppers with no knowledge of IoT are likely to purchase them to monitor babies or pets. In doing so, they’re basically inviting hackers into the home, Which? says.

The group tested some of the most popular models on Amazon (ranked by star ratings and number of positive reviews): ieGeek 1080p, Sricam 720p, Victure 1080p and Vstartcam C7837WIP. All had at least a four-star rating, and three were listed as Amazon’s Choice. They also shared major vulnerabilities like weak preset passwords or even the lack of an option to change them, send unencrypted data online, and use a vulnerable peer-to-peer component.

Which? partenered with Context Information Security to test them. By exploiting the flaws, the security experts were able to take control of the device, tap into the live feed, and even speak to the people inside. Making matters worse, neither the seller nor Amazon was available for customer feedback after the security flaws were reported.

“There appears to be little to no quality control with these substandard products, which risk people’s security yet are being endorsed and sold on Amazon and finding their way into thousands of British homes,” consumer rights expert at Which?, Adam French, said of the findings of the investigation.

“Amazon and other online marketplaces must take these cameras off sale and improve the way they scrutinize these products,” French said. “They certainly should not be endorsing products that put people’s privacy at risk. If they refuse to take more responsibility for protecting consumers against these security-risk products then the government should look to make them more accountable.”

Which? will forward the findings to the British government to consider legislation that would prevent such instances of privacy invasion. In the meantime, they’re urging customers to use caution when buying a wireless security camera and to take steps to prevent them from being hacked.

Those who already use the models included in the investigation are urged to turn them off right away, if changing the password is not possible. All consumers are encouraged to buy from a reputable brand that offers proper customer support, and not fall for cheap deals and properly research any planned purchases.

Once the camera arrives, users should go to settings and change the preset password for a stronger one. Which? also advises them to stop posting photos of the camera inside their home, along with details that could lead a hacker to guess the password – including post-it notes with the password itself.

Image credit: Which?