Hackers could be WATCHING you using your GoPro camera, warn experts

GoPro cameras are very popular and used for many of the great action videos flooding the Internet.  Unfortunately, that popularity also comes with a vulnerability that allows a hostile actor to easily access the cameras. Pen Test Partners recently demonstrated that a hostile actor can hijack a GoPro camera to then stream live footage or delete the contents. Within seconds the security researchers demonstrated an attacker can covertly take over and begin recording video without the knowledge of the camera’s owner.  What makes this vulnerability even more alarming is that the cameras are designed to maintain a wireless connection even if the camera is turned off.  This means that even if you turn your GoPro off it could be compromised to watch what you are doing.

To take control of the camera a hostile actor must first crack the wi-fi key for the device. In the demonstration the researchers used a freely available tool that conducts dictionary look up attack on the key. In most cases, GoPro users often set the password to a default setting or a use a simple word.  The use of the default setting or a simple word makes it very easy for a dictionary attack to exploit the wi-fi key and compromise the system.

This vulnerability in the GoPro camera leverages poor security choices by the user.  This is an example why it is important to change default passwords with something strong and complex to prevent simple dictionary attacks.


Post by Remote Process