A British security firm discovered that it is “too easy” for hackers to take control of GoPro Hero4 cameras and use them to spy on their owners, the BBC reported yesterday.
Pen Test Partners demonstrated to the BBC how easily they could gain control of a Hero4 camera even though it appeared to be turned off, and use it to watch and listen to whoever was in the same room as the camera, and view or delete any videos stored on it.
For the most part, Pen Test was able to hack into cameras whose owners had set very simple passwords, simple enough for software to break it within a matter of seconds.
In one example for the BBC, a camera had been set with the password “Sausages” and Pen Test, using password-guessing software freely available online, was able to get the password in less than one minute.
GoPro responded with a statement saying its security measures were adequate, and that “We require our customers to create a password 8-16 characters in length; it's their choice to decide how complex they want it to be. As is true of all password-protected devices and services, if a password is easily guessable, a user is more prone to someone predicting what it is.”