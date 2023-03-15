Home surveillance cameras expose users to privacy risks from data leaks as only one out of 10 tested devices complied with European cybersecurity standards, Hong Kong’s consumer watchdog has found. The Consumer Council said on Wednesday that its study looked into the devices’ protection against hackers, hardware design and the security of data and apps, while referencing European cybersecurity standards. Lui Wing-cheong, the council’s vice-chairman of the research and testing committee, revealed only one of the tested cameras met the standards. “The other nine samples posed various cybersecurity concerns, including transmission of videos and data without encryption and failure of defending against ‘brute-force attacks’ by hackers to crack passwords,” he said, referring to a method used to determine passwords, login credentials and encryption keys through trial-and-error. The tested devices all had two-way audio, motion detection, night vision and voice control. They were priced between HK$269 (US$34) and HK$1,888. Four of them did not encrypt data when sending real-time images, while one did not use encrypted transmission when connecting to home Wi-fi, making it easier for hackers to steal account information from the router. Contaminants found in nearly half of dried meat samples tested: Hong Kong watchdog Login security of the other four models was weaker, two of which had a six-digit limit on passwords. Another model did not restrict login attempts, which allows hackers to make repeated efforts to gain access. “The council advises manufacturers to introduce anti-brute-force attacks design for live video streaming and account login, such as using multi-factor authentication, limiting login attempts and locking the account automatically after multiple failed logins from the same IP address,” Lui said. He added manufacturers should also increase the length and complexity of the default passwords for security reasons. Hong Kong police and Interpol uncover servers used by global phishing syndicate The study also found the security of in-app data storage in the tested models was inadequate as sensitive information such as email addresses, account IDs or passwords were stored without encryption for a certain period of time, resulting in a higher risk of hacking. Gilly Wong Fung-hang, the council’s chief executive, urged manufacturers to be more responsible to ensure the safety of their cameras and apps. “For a highly secure device, it requires very good design making sure it can pass the tests on different standards. Manufacturers have to put forward good enough information for consumers to make the choice and also to teach them how to protect themselves,” Wong said. “Based on the not-so-satisfactory result from the test, the manufacturers need to take immediate action to improve their products,” she added.