Vulnerable security cameras could give hackers access to the live footage and enable them to spy on homes or offices, as well as communication capability with people around using in-built microphones.
In June 2020, the consumer watchdog ‘Which?’ found critical security flaws in indoor security cameras, produced by Chinese firm HiChip. These vulnerable wireless cameras are commercially available on Amazon, eBay, Wish.com, AliExpress, and other online marketplaces.
- In total, around 3.5 million vulnerable security cameras developed by 47 different brands, that are currently used in homes and offices, were found vulnerable.
- The use of a protocol called iLnkP2P, by hundreds of other brands, made devices vulnerable to two flaws (CVE-2019-11219 and CVE-2019-11220), and difficult to be identified.
- Accessing the security cameras using the CamHi app could expose the device owners to attackers.
- The flaws were tested and verified in the security cameras by five OEM brands Accfly, Elite Security, Genbolt, ieGeek, and SV3C. It also impacted more than 30 additional brands, including Alptop, Besdersec, COOAU, CPVAN, Ctronics, etc.