New research from Which? claims a number of home security cameras listed on Amazon contain flaws that could allow hackers to gain access to them.
A number of home security cameras listed and recommended to users on Amazon contain flaws that could be putting customers at risk, Which? has claimed.
New research by the consumer group claims it found security issues in six cameras it tested, despite each of them having “thousands” of positive reviews and featuring an Amazon’s Choice recommendation.
Flaws discovered included the sharing of unencrypted data including Wi-Fi passwords – which could allow hackers to gain access to other devices on a home Wi-Fi network – and weaknesses that could enable strangers to take remote control of a camera feed.
Which? claimed it also carried out further tests alongside a US-based security expert and uncovered an issue it suggests could affect more than 50,000 cameras in the UK and almost 2m worldwide.
The group said it involved a flaw that, if exploited, could allow hackers to remotely access and take control of several home security cameras – many of which are also recommended as a baby monitor.
‘There appears to be little to no quality control with these sub-standard products, which risk people’s security yet are being endorsed and sold on Amazon and finding their way into thousands of homes’
– ADAM FRENCH, WHICH?
Which? also warned that accountability was an issue with a number of the cameras in list of the top 50 most popular devices, with more than 30 having limited contact details – many were registered in China – and could not be reached by the consumer group.
It said a number of the devices and their manufacturers had little or no web presence beyond the online store listing. Many of the cameras appear to be made by lesser-known companies, offering cheaper alternatives to better-known tech brands.
The group’s research named the Victure 1080p, Vstarcam C7837WIP, ieGeek 1080p, Elite Security, Accfly Camhi APP Outdoor Security Camera 1080P and Sricam 720p as those it tested and found issues with.
One device was found to come with a default username and “easily guessable default password”, a practice condemned by government guidelines on internet-connected devices. Which? said it had also presented its findings to Amazon and urged it to remove the items from sale.
In response, an Amazon spokesperson said: “We require all products offered in our store to comply with applicable laws and regulations, and we proactively monitor multiple sources for safety notifications, including from regulatory agencies and direct contacts from brands, manufacturers, and sellers.”
Adam French, consumer rights expert at Which?, said: “There appears to be little to no quality control with these sub-standard products, which risk people’s security yet are being endorsed and sold on Amazon and finding their way into thousands of homes.
“Amazon and other online marketplaces must take these cameras off sale and improve the way they scrutinise these products. They certainly should not be endorsing products that put people’s privacy at risk.
“If they refuse to take more responsibility for protecting consumers against these security risk products then the Government should look to make them more accountable.”
– PA Media