More than 100,000 wireless cameras in UK homes that are manufactured by China-based company HiChip contain several security flaws that render their owners vulnerable to hacking attacks, consumer group Which? has revealed.
Wireless cameras manufactured by Shenzhen-based HiChip are sold by dozens of brands across the world, and 32 wireless camera brands have either sold or are selling wireless cameras in the UK that contain security flaws. These brands include Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT and Tenvis.
A large number of wireless cameras manufactured by HiChip are also available to purchase at cheap prices on online marketplaces like Amazon, eBay, Wish and AliExpress. According to Which? security flaws in these cameras allow hackers to find the exact location of the user’s home, target other devices linked to their home broadband network, and even access live footage and speak via the camera’s microphone.
The consumer group found that hackers can use Unique Identification numbers (UID) of wireless cameras to target users of the popular CamHi app when they connect to the camera. The UID numbers are often found on a sticker on the side of the cameras and are, therefore, easily discoverable. Through the CamHi app, hackers can access a device’s username and password and ultimately gain full access to wireless cameras.
“People may believe they are picking up a bargain wireless camera that can bring a sense of security – when in fact they could be unwittingly inviting hackers into their home or workplace. Anyone who has one of these cameras in their home should turn it off and stop using it immediately, while all consumers should be careful when shopping around – cheap isn’t always cheerful, especially when it comes to unknown brands,” said Kate Bevan, Which? Computing Editor.
“The government must push forward with its plans for legislation to require connected devices to meet certain security standards and ensure this is backed by strong enforcement,” Bevan added.
According to the consumer group, as many as 23 brands are selling HiChip-manufactured wireless cameras on Amazon UK and 19 of them are selling them on eBay. Both Amazon and eBay have refused to remove the listings for these cameras but eBay is asking buyers to take appropriate security precautions when using these products.
Commenting on hundreds of thousands of Brits becoming vulnerable to cyber attacks due to security flaws in HiChip cameras, Kiri Addison, Head of Data Science for Threat Intelligence and Overwatch at Mimecast, said that apart from gaining access to the network, internet enabled security cameras can be exploited in a number of other ways, including shoulder surfing to gain information such as credentials, monitoring victims and collating information that can be used to create convincing phishing attacks and cameras with microphones can be used to spy on meetings and gain sensitive information.