News Hub

100,000 wireless cameras in UK homes hackable, says new study

Written by Fri 12 Jun 2020

Which? said vulnerability could be used to pinpoint user location and grant access to live footage

More than 100,000 hackable wireless cameras are estimated to be active in homes across the UK, Which? has warned.

The consumer group says dozens of camera brands made by China-based company HiChip are affected by various flaws, including security vulnerabilities with the devices themselves and an accompanying app to access them.

They claim that the issue could be exploited by someone to pinpoint where the user lives, target other devices linked to their broadband, and even grant access to live footage and speak via the camera’s microphone.

It also believes an attacker could carry out these activities even if the owner changes their password.

A security expert tested five wireless cameras from Accfly, Elite Security, ieGeek, Genbolt and SV3C – all of which can be purchased on popular online marketplaces – and found that they were affected by the flaw.

More widely, Which? says 47 camera brands worldwide may be jeopardised, 32 of which are currently or were previously sold in the UK, and is therefore advising anyone who believes their camera could be affected to stop using it immediately.

The brands identified include Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT and Tenvis.

Any wireless camera using an app called CamHi could be compromised, experts believe.

China-based HiChip is behind many of these camera brands, as well as the CamHi app.

The company responded to the investigation, saying its devices have a “very low security risk” because it encrypts all data between the camera and the app.

However, Which? says HiChip has committed to working with experts on improving safety.

The weakness revolves around the devices’s Unique Identification numbers (UID), often found on a sticker on the side of the cameras and can be easily discovered and targeted by bad actors.

Using this, hackers can prey on users of the CamHi app when they connect to their camera, thereby steal the device’s username and password, and use those details to gain full access to the camera without the user’s knowledge.

“People may believe they are picking up a bargain wireless camera that can bring a sense of security – when in fact they could be unwittingly inviting hackers into their home or workplace,” said Kate Bevan, Which? computing editor.

“Anyone who has one of these cameras in their home should turn it off and stop using it immediately, while all consumers should be careful when shopping around – cheap isn’t always cheerful, especially when it comes to unknown brands.

“The Government must push forward with its plans for legislation to require connected devices to meet certain security standards and ensure this is backed by strong enforcement.”

Around two-thirds (23) of the brands sold in the country are currently available on Amazon’s UK website.

The consumer group said Amazon has so far declined to remove any after it was approached.

More than half (19) of the brands are on sale on eBay, who said the cameras are “all legal to sell in the UK and comply with our existing policies”.

“We encourage people who purchase any wireless camera product on eBay to take appropriate security precautions, in the same way they would with any smart home devices, online email or social media account,” the firm explained.

Written by Fri 12 Jun 2020


Send us a correction Send us a news tip