Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

100,000 cheap wireless cameras sold in the UK are vulnerable to hacking

Written by  Jun 12, 2020

Consumer advocacy organisation Which? has issued a warning over the security of wireless camera brands made by China-based HiChip.

They urged the owners of more than 100,000 devices thought to be active in the UK to stop using their cameras immediately.

The flaws affect both the devices themselves and their accompanying CamHi smartphone app, said Which?. The organisation worked to verify the flaw alongside security researcher and camera specialist Paul Marrapese, and found it in five cameras from OEM brands Accfly, Elite Security, ieGeek, Genbolt and SV3C.

It may also exist in over 30 other brands that have been, at one time or another, sold into the UK. These include Alptop, Besdersec, COOAU, CPVAB, Ctronics, Dericam, Jennov, LETEK, Luowice, QZT and Tenvis.

Which?, working with US-based security expert Marrapese, tested and verified this security flaw in five wireless cameras from Accfly, Elite Security, ieGeek, Genbolt and SV3C – all of which were bought from Amazon and available on other online marketplaces. None of the brands meets the basic three requirements for the UK government’s planned internet of things (IoT) device security legislation.

Advertisement

Norton 360 Deluxe 2020, Antivirus software for 5 Devices and 1-year subscription with automatic renewal, Includes Secure VPN and Password Manager, PC/Mac/iOS/Android, Activation Code by email
amazon uk

The vulnerability centres on weak unique identification numbers (UIDs), which are often found on stickers on the devices themselves, so can easily be discovered and targeted. An attacker could them target app users when they connect to their camera, access their credentials, and gain full access to the device, allowing them to view live footage and even speak via the device’s microphone. Which? warned that changing the password does not stop the exploit.

“People may believe they are picking up a bargain wireless camera that can bring a sense of security – when in fact they could be unwittingly inviting hackers into their home or workplace,” said Kate Bevan, computing editor at Which?.

“Anyone who has one of these cameras in their home should turn it off and stop using it immediately, while all consumers should be careful when shopping around – cheap isn’t always cheerful, especially when it comes to unknown brands.”

A HiChip spokesperson said: “HiChip has focused on IP camera R&D for more than 10 years and continues to improve the security of the cameras. We encrypt all the commands and data with [advanced encryption standard] AES128 between the camera and the APP, above the P2P transferring layer. So our cameras have very low security risk about the end-user’s privacy.”

Nevertheless, the Shenzhen-based company is now working alongside Marrapese and Which? researchers on a number of proposed updates, although Which? said it had not yet been able to verify that the suggested updates will actually fix any of the vulnerabilities, adding that fundamental flaws might mean the devices could remain at risk even if patched.

cyber hackerAlso see: UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

The various brands are sold into the UK on a number of e-commerce websites, including AliExpress, Amazon, and eBay, which were also contacted about the flaws.

An AliExpress spokesperson said: “AliExpress takes product safety very seriously. We have strict platform rules that require all third-party merchants to comply with all applicable local laws and regulations. We work hard to ensure that consumers are protected on our platform.”

eBay said: “These cameras that Which? is concerned might put users at risk are all legal to sell in the UK, and comply with our existing policies. These devices can be used safely if used in a network without an internet connection, for example as baby monitors.

“We encourage people who purchase any wireless camera product on eBay to take appropriate security precautions, in the same way they would with any smart home devices, online email or social media account.

hacker2
Also see: Self-employed targeted by hackers with HMRC SMS phishing scam

“Sellers on eBay have to comply with any applicable law. So if the UK government introduces new regulations in this area, sellers will, of course, have to comply with them. Any listings on our platform that do not comply with UK regulations or that violate our policies will be removed, with appropriate enforcement action taken against sellers.”

Which? noted that Amazon declined to comment or to remove any of the listings from its site.


Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular. As this area has always been of interest to me and is more important now than ever.

Contributors

We would like to invite IT Security Professionals from the UK to join our other contributors in providing high quality articles for our website.

To enhance IT Security Centres credentials and to offer an opportunity for other IT Professionals and IT Companies to share their work, information and ideas.

We are always happy to hear from other IT Security Professionals and look forward to your incite. please contact us for more information.

Popular News

Jun 13, 2020 IT Security News

Microsoft announces major issue in Windows 10 June 2020 updates

On 9th June, 2020, Microsoft released cumulative updates for supported versions of Windows 10 including version 2004, ve...

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

Jun 12, 2020 IT Security News

100,000 cheap wireless cameras sold in the UK are vulnerable to hacking

Consumer advocacy organisation Which? has issued a warning over the security of wireless camera brands made by China-bas...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

Jun 09, 2020 IT Security News

Self-employed targeted by hackers with HMRC SMS phishing scam

Cyber criminals have launched a new phishing scam designed to steal personal and financial details of millions of self-e...

Jun 25, 2020 IT Security News

NCSC catch a million phish

The National Cyber Security Centre has received the millionth submission to its Suspicious Email Reporting Service. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Jun 11, 2020 IT Security News

UK government still can’t decide how NHS contact tracing app should work

A new report today says that the UK government still hasn’t decided exactly how its NHS contact tracing app should wor...

Jun 10, 2020 IT Security News

Is your boss spying on you whilst you are homeworking?

The recent worldwide move to working from home has caused concern amongst employers.

Jun 27, 2020 IT Security News

Apple devices to get encrypted DNS

Apple this year will boldly go where its peers have gone before by implementing support for encrypted DNS in iOS and mac...

Jun 16, 2020 Internet of Things

Ripple20 Bug Exposes Millions of IoT Devices

Exactly how many of the devices that include Ripple20 bugs are directly hackable via the internet remains far from clear...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Jun 08, 2020 Data Security

IBM data encryption is progressing

IBM is making a move forward with its homomorphic encryption (FHE) solution, providing encryption for in-use and shared ...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

Jun 12, 2020 IT Security News

Good reasons to use a proxy server

A proxy server – is a computer on the internet which acts as a middle-man between your computer and the website or ser...

Advertisement
Symantec Home 120x60

Advertisement