Amazon has been recommending products with major security risks
Connected cameras use weak passwords and send unencrypted data
Amazon has been accused of putting shoppers at risk by recommending products with serious security flaws
An investigation by consumer watchdog Which? carried out extensive tests on six wireless cameras recommended by Amazon and found serious security flaws that could leave users exposed to hackers.
This was despite the fact that these devices have thousands of positive reviews and were even able to earn a coveted “Amazon's Choice” recommendation. To make matters worse, many of these devices are marketed as being suitable for use as baby monitors.
- Amazon is launching its own version of Wi-Fi
- Your printer: it's a vulnerable, connected device
- IoT devices becoming an increasing security risk
The investigation found a number of issues including weak passwords and strangers being able to remotely control these cameras to spy on users and access their unencrypted data.
Connected camera security issues
Which? was first alerted to these problems by industry experts and comments in Amazon reviews including a rather shocking one from a father who said he had “chills down his spine” after hearing a mysterious voice coming from a camera next to his child's crib after it was apparently hacked.
Which? carried out lab tests on four cameras suspected of having security issues: the Victure 1080p, Vstarcam C7837WIP, ieGeek 1080p and the Sricam 720p.
It was quite simple for the testers to gain root access to the Victure 1080p which would enable a hacker to take complete control of the camera and view footage captured from the device as they pleased. The Vstarcam C7837 had a default username that was set to the basic 'admin' as well as an easily guessable default password.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The ieGeek 1080p and Sricam 720p cameras both use the same app and because of this, both devices share the same security flaw. Which? found that WiFi passwords were sent unencrypted over the internet when a user entered them on both devices. This would enable an attacker to access the user's home WiFi network to see what users are doing on the web and even gain access to data stored on other devices in their home.
Some of the cameras the consumer association looked into even had their passwords and usernames written clearly on the side of the product and users frequently uploaded pictures of them alongside reviews. This opens up users of these devices to potential attacks regardless of whether or not the posted the picture as once the information is out there, hackers can easily use it to their advantage.
Which? has asked Amazon to remove these products from its store but when the group reached out to the e-commerce giant, the company declined to comment.
- We've also highlighted the best VPN services of 2019
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.