GoPro cameras are a great way to record thrilling experiences, but if you’re not careful the thrilling experience could be a little closer to home than you intended! A security firm is warning that GoPros can be turned against you, but – whilst it may not be quite as drastic as they’re making out – there are some good security lessons that can be applied to everyday life too!
Security firm Pen Test Partners hacked a GoPro camera whilst on the BBC and said that even if you’ve turned your GoPro off, a quirk of the wireless connection means that attackers might still be able to turn it back on and start streaming a video, or even view and delete your existing vids.
The key to pulling off the stunt was cracking users’ Wi-Fi passwords, and using free specialist software they tried several thousand of the most common passwords, cracking the demo cam’s in seconds.
Off the back of this, the company wants GoPro to encourage its customers to use stronger passwords. “Cybercriminals are increasingly turning to cracking passwords to gain access to accounts” they warned.
GoPro responded to the BBC saying:
“We follow the industry-standard security protocol called WPA2-PSK (pre-shared key) mode. Wi-fi-enabled devices must provide the user’s password to access the Hero4 wi-fi network. This is the same as other wi-fi networks using that protocol.
“We require our customers to create a password 8-16 characters in length; it’s their choice to decide how complex they want it to be.
“As is true of all password-protected devices and services, if a password is easily guessable, a user is more prone to someone predicting what it is.”
According to our security wizards at Secarma, the bottom line is that GoPro isn’t any more vulnerable than anyone else – it’s not a flaw in their system as such – and that if someone did crack your Wi-Fi password, they’d probably head somewhere other than your GoPro first. However, it’s still important to remember that good password practice is key.
How to protect yourself
The important thing is to make sure that your passwords aren’t easily guessable – the technique these guys used went through several thousand of the most common, so you really need to think big on this.
If you’re struggling, UKFast customers can download our password generator for extra help, which you’ll find as a MyUKFast widget or dashboard app. You can set it to different lengths and complexities and generate as many passwords as you like.
As always, keeping antivirus and other software up to date and not clicking on random links in emails is good security practice too!