15th March 2023 – (Hong Kong) According to the Consumer Council, 90% of home surveillance cameras tested have network security vulnerabilities, including unencrypted images and easily hackable passwords. The Council is urging manufacturers to incorporate designs that defend against violent attacks and to encrypt data and videos for greater protection.
The Consumer Council tested 10 different home surveillance cameras ranging in price from HK$269 to HK$1,888 and found that all except the most expensive camera had network security issues. Four of the samples, namely “imou”, “TP-Link”, “EZVIZ” and “D-Link”, did not use the Secure Real-time Transport Protocol (SRTP), which provides data encryption and message authentication, and instead used the lower security Real-time Transport Protocol (RTP). During transmission, the video data was not encrypted, leaving it open to hacking and easy to spy on. Furthermore, “reolink” used the Hypertext Transfer Protocol (HTTP) to transmit data when connected to a user’s Wi-Fi network, leaving sensitive information unencrypted and susceptible to theft. Manufacturers could provide greater privacy protection by switching to the more secure Hypertext Transfer Protocol Secure (HTTPS).
In the event of a hack attempt, longer and more complex passwords require more time to crack. However, three samples in the test were susceptible to “brute force attacks” during real-time dynamic video streaming. Hackers could use automated tools and programs to repeatedly attempt all possible password combinations in an attempt to crack the password. Two of the cameras had default passwords consisting of only six digits or letters, making them very weak and easily hackable, thereby exposing the video feed to theft. In addition, one camera was vulnerable to hackers repeatedly attempting to steal account information when logging in via the mobile app.
The Consumer Council did not list any responses from the manufacturers. Therefore, it is vital for consumers to be vigilant and take precautions to safeguard their home surveillance cameras against possible cyber-attacks. This includes changing default passwords and using longer, more complex ones, regularly updating software and firmware, and using encryption protocols such as SRTP and HTTPS. By taking these steps, users can protect their privacy and prevent hackers from gaining unauthorised access to their home surveillance cameras.