Security researchers find that hackers could be watching you through your GoPro camera
GoPro Inc.’s popular action cameras may be possible victim of cyber-hacking by criminals. A security analyst company, Pen Test Partners, revealed to BBC how easy it is to hack a GoPro camera. The security company has also issued a cautionary advice to all GoPro camera users that hackers can easily take control of the devices, which could then be used to spy on users.
In the video, the firm showed hacking into a GoPro Hero4 camera to secretly listen to conversation of device owners, and with the hackers able to view files and videos on the camera and delete them. During the entire time, the device will look as if it is turned off.
The hackers used a certain software to run possible password combinations, which are really simple and easy to guess in just seconds. The security firm said that as users keep really simple passwords, it becomes easy to hack and this in turn could be dangerous. At the same time, GoPro stated that they are unaffected by attacks like these, as their security was up to the mark.
Pen Test Partners’ Ken Munro said that how a wireless connection is used to set up a GoPro camera. There are occurrences when a wireless connection to the device could remain even if the power button has been pressed to turn off the camera.
Mr. Munro showed BBC how the recording was being streamed onto his mobile phone. He also showed how we was able to access the device, but turn off its entire indicator lights so that the user would not see that it is operational and start recording secretly. To take control of a GoPro camera, the hackers would have to intercept and then crack the Wi-Fi key of the device, he further added. The key is encrypted, and is set up by users when they choose to connect the device to another mobile gadget such as a smartphone.
The security analyst and his team used a free online software to guess the key’s password. Using this software, Munro was able to crack the previously set password of “sausages” in just a few seconds. The software has the capacity to try out thousands of passwords per second using a database of commonly used ones. He further stated “Cybercriminals are increasingly turning to cracking passwords to gain access to accounts,” and warned GoPro users to set better passwords to keep their devices safe from hacking.
Munro made the demonstration as he is looking for GoPro to make more efforts in encouraging users to set passwords that should be 8-16 characters long and the password strength should be based on the uniqueness of the number and word combinations. The company mentioned: “As is true of all password-protected devices and services, if a password is easily guessable, a user is more prone to someone predicting what it is.”
In response to the demonstration of Munro and Pen Test Partners, GoPro responded to BBC as follows: “We follow the industry-standard security protocol called WPA2-PSK (pre-shared key) mode. Wi-Fi-enabled devices must provide the user’s password to access the Hero4 Wi-Fi network. This is the same as other Wi-Fi networks using that protocol.” It was the choice of the users to make their passwords simple or complicated stated GoPro.
The 21st century where we are living is not only going through a lot of major changes, but also is being controlled by the Internet of Things; however, one of the main concerns that remains is the systems’ susceptibility. Cyber-attacks can only be tackled if a proper check and balance is ensured.