Here at Winfrasoft we think action cameras are great pieces of kit, whether you want to capture for posterity the three-legged race at the school sports day, or are abseiling down a cliff. However, this morning we were as surprised as anyone to learn that the cameras, and the images, video and audio recorded and stored on them, can be vulnerable to attack.
Today, the BBC has reported that the latest Hero4 device from the market-leading action camera vendor GoPro could be compromised by, yes, you guessed it, weak password security!
In the video report, Ken Munro from Pen Test Partners explains how these cameras use WiFi to sync with the GoPro app on the user's mobile device. Those of you who have an action camera will know that from the app you can have complete control over the camera's features and functions. And it works fantastically well.
The problem is that the GoPro app requires a password and, as Mr Munro rightly points out, people typically choose simple passwords. As a result, the ‘intruder’ can take full control of your camera without you knowing! In fact, they were able to crack the password in just a few seconds, using a dictionary attack. The intruder can then choose when the camera is switched on or off, can record (both video and audio) and can even switch off the usual lights and sounds, so you would never know that the camera sat on the table is capturing everything.
Of course, most criminals are not going to be interested in your adrenaline-fuelled holiday adventures, but the thought of someone possibly listening and watching without you knowing feels somewhat sinister and intrusive. The advice from Pen Test Partners is to make the password as strong as you can, but anyone who reads this blog regularly will know that there really isn’t such a thing. So, if you want to be 100% safe, make sure you have the WiFi setting on your camera switched off.