GoPro cameras 'could be used to spy on owners'

anvilfour

A security firm has warned it is "too easy" for criminals to take control of GoPro cameras which could then be used to spy on their owners.



Pen Test Partners showed the BBC how it could gain access to a Hero4 camera that appeared to be turned off, to secretly watch or eavesdrop on users, or to view and delete existing videos.



The attack relied on victims setting simple passwords which could be guessed by software within seconds.


GoPro said its security was adequate.

Full article : http://www.bbc.com/news/technology-32934083

anvilfour

On the face of it, it seems that there's no particular reason to pick on the Go Pro. The issue has to do with weak wireless keys which are a problem no matter what wireless device you use surely?

syklops

The attack relied on victims setting simple passwords which could be guessed by software within seconds.

GoPro said its security was adequate.

I'd be inclined to agree with them. I don't know why they are being singled out. Where does personal responsibility come in to play?

anvilfour

syklops wrote: »

I'd be inclined to agree with them. I don't know why they are being singled out. Where does personal responsibility come in to play?

Careful we don't want to be accused of "victim blaming"! :-D

syklops

If the GoPro vulnerability is something like it cant accept a long password, or comes with authentication turned off by default or something then I can understand them being singled out. If its a case of people using well known passwords, or choosing to leave it blank then I dont see why the vendor should be blamed.

BoB_BoT

syklops wrote: »

If the GoPro vulnerability is something like it cant accept a long password, or comes with authentication turned off by default or something then I can understand them being singled out. If its a case of people using well known passwords, or choosing to leave it blank then I dont see why the vendor should be blamed.

I've disabled the breaks on my car, therefore the manufacture is responsible type attitude.

The only thing I don't like with modern technology, especially in webcams/cameras, is that the leds are programmable. Older cameras used to have it as part of the circuit, so if the camera was on, the led had to be on to complete the circuit.

I used to laugh at people who blocked out their webcam on laptops / mobile devices, not any more.

timmywex

GoPro came out and said they use WPA2-PSK, so I can't really see what more they can do. If people want to pick easy to remember passwords that's what they're going to do!

harney

timmywex wrote: »

GoPro came out and said they use WPA2-PSK, so I can't really see what more they can do. If people want to pick easy to remember passwords that's what they're going to do!

Agreed, they also said they require the user to set a password of a certain length.

We require our customers to create a password 8-16 characters in length; it's their choice to decide how complex they want it to be.

anvilfour

harney wrote: »

Agreed, they also said they require the user to set a password of a certain length.

What else can you do after all? Most people use the default password which came with their device... maybe make it mandatory to change the password on setup? Still wouldn't stop people using easy to guess ones mind you!