Vulnerable security cameras could give hackers access to the live footage and enable them to spy on homes or offices, as well as communication capability with people around using in-built microphones.
In June 2020, the consumer watchdog ‘Which?’ found critical security flaws in indoor security cameras, produced by Chinese firm HiChip. These vulnerable wireless cameras are commercially available on Amazon, eBay, Wish.com, AliExpress, and other online marketplaces.
- In total, around 3.5 million vulnerable security cameras developed by 47 different brands, that are currently used in homes and offices, were found vulnerable.
- The use of a protocol called iLnkP2P, by hundreds of other brands, made devices vulnerable to two flaws (CVE-2019-11219 and CVE-2019-11220), and difficult to be identified.
- Accessing the security cameras using the CamHi app could expose the device owners to attackers.
- The flaws were tested and verified in the security cameras by five OEM brands Accfly, Elite Security, Genbolt, ieGeek, and SV3C. It also impacted more than 30 additional brands, including Alptop, Besdersec, COOAU, CPVAN, Ctronics, etc.
Security issues with unsecured cameras
In the recent past, there have been several incidents when security cameras were found to be vulnerable to hacking attacks and espionage.
- In December 2019, unknown hackers had hacked the security camera system at Lang Suan Prison in the southern province of Chumphon, exposing the prison’s internal environment on the internet.
- In the same month, hackers compromised login credentials for 3,672 Ring camera owners and exposed their personal information online.
- In October 2019, security cameras used in the aviation industry were found to be vulnerable to attacks wherein hackers were able to recover private encryption keys.
In March 2020, the National Cyber Security Centre (NCSC) published guidelines for the safety of smart security cameras and baby monitors. Users should change default passwords and keep camera software up-to-date.