Wishy-password protection of endangered GoPro photographer
Sports cameras GoPro can be controlled according to a British IT security company from attackers remote. In front of the cameras of the BBC, an employee of the firm Pen Test Partners, how he was able to wirelessly access a Hero4 camera showed. Even though it was turned off, apparently, could the attacker picture and sound signals intercept.
Reason of a defective fuse of the wireless data transmission of the camera, such as in conjunction with a mobile phone or Tablet is used according to the report. The password protection was so bad, the expert says that he could be undermined within seconds of a specialized Software, which tasted possible combinations.
The Design of the camera is also problematic, since a wireless data connection active even when the device was turned off. As long as the cameras sends and receives data, it could disable a Hacker with a minimum of effort, and all of you: turn the camera on, your “REC”indicator and then unnoticed, the video data.
The security of the password is a customer makes a decision
The manufacturer GoPro is defending itself against the allegations: “We use as a safety Protocol, the industry standard WPA2-PSK (pre-shared key),” – said in a statement at the BBC. “We demand from our customers, you first have to create an 8-to 16-character long password; it is your decision to want to have, how complex it is.”
As for “all other password-protected devices and services” is a user more vulnerable to such attacks, if he choose a password that is easy to guess.
A good Argument – but it is not obscured that a simple Wi-Fi protection with a password is secure enough. Crack-attacks on WPA2-secured Wi-Fi networks are instructions for Theft, it is in an easily understandable Form as Online and video course. The customer is not so slide alone the blame, because there might be too simple passwords.
Especially since this was not the first security problem for the company: in March of this year, it was announced that the Wi-Fi passwords of GoPro-made devices directly from the company’s Website read. After becoming aware of the Tricks GoPro stuffed, but this vulnerability.