Risk of data leaks as only 1 out of 10 tested home surveillance cameras meet European cybersecurity standards: Hong Kong consumer watchdog
- Nine devices did not defend against ‘brute-force attacks’ by hackers used to crack passwords, Consumer Council says
- Login security of four models is weak, two of which have six-digit limit on passwords, according to watchdog
Home surveillance cameras expose users to privacy risks from data leaks as only one out of 10 tested devices complied with European cybersecurity standards, Hong Kong’s consumer watchdog has found.
The Consumer Council on Wednesday said its study looked into the devices’ protection against hackers, hardware design and the security of data and apps, while referencing European cybersecurity standards.
Victor Lui Wing-cheong, the council’s vice-chairman of the research and testing committee, revealed only one of the tested cameras met the standards.
“The other nine samples posed various cybersecurity concerns, including transmission of videos and data without encryption and failure to defend against ‘brute-force attacks’ by hackers to crack passwords,” he said, referring to a method used to determine passwords, login credentials and encryption keys through trial and error.
The tested devices all had two-way audio, motion detection, night vision and voice control. They were priced between HK$269 (US$34) and HK$1,888.
Four of them did not encrypt data when sending real-time images, while one did not use encrypted transmission when connecting to home Wi-fi, making it easier for hackers to steal account information from the router.
Login security was weaker for the other four models, two of which had a six-digit limit on passwords. Another model did not restrict login attempts, which would allow hackers to make repeated efforts to gain access.