Significant security bugs in common smart doorbells are placing customers at risk of being attacked inside their homes by hackers.
The consumer group claims computers sold on sites such as Amazon and eBay may easily be compromised by hackers or turned off.
It is calling for new regulations from the government to protect customers.
In reaction to the results, Amazon has pulled at least seven product pages.
The watchdog tested 11 devices which were purchased from popular online marketplaces in the UK. Brands included Qihoo, Ctronics and Victure.
It found that among the most common flaws were weak password policies, and a lack of data encryption.
Two of the devices in the test could be manipulated to steal network passwords and then hack other smart devices within the home.
Amazon UK’s current number one bestseller in smart doorbells, the Victure Smart Video Doorbell, was found to send users’ home network names and passwords unencrypted to servers in China.
11 devices that were bought from popular online markets in the UK were tested by the watchdog. Among the brands were Qihoo, Ctronics and Victure.
It found that weak password policies, and a lack of data encryption, were among the most common flaws.
In order to steal network passwords and then hack other intelligent devices within the home, two of the devices in the test could be manipulated.
Amazon UK’s current number one bestseller in smart doorbells, the Victure Smart Video Doorbell, was found to send users’ home network names and passwords unencrypted to servers in China.
More INFO: Best Awarded Video Doorbell 2019
More INFO: Smart Home Wireless Video Doorbell
Convenience v Security
Lisa Forte, a partner at Red Goat Cyber Security, which specialises in cyber-security testing, said consumers may inadvertently be putting convenience before security.
“Generally speaking the more convenient something is, the less secure it is,” she told the BBC.
“The more connected devices you have in your home, the more ‘doors’ there are for cyber-criminals to open. This investigation highlights how many brands aren’t putting the security of their customers first.
“If you have decided to purchase a smart doorbell, make sure it is from a well-known, trusted brand. When you set it up change the default password to something long, and if possible enable two-factor authentication in the set-up,” she added.
Two-factor authentication (2FA) is when a secondary step, like a code sent as an email or text, is introduced to the log-in process.
While Amazon removed several products from sale, eBay told Which? that none of the findings violated its own safety standards.
A spokesman for the marketplace said the flaws represented “technical product issues that should be addressed with the seller or manufacturer”.
“Government legislation to tackle unsecure products should be introduced without delay and must be backed by an enforcement body with teeth that is able to crack down on these devices.”
About The Author
Hassan Zaka
I am an expert in accounting and possess diverse experience in technical writing. I have written for various industries on topics such as finance, business, and technology. My writing style is clear and simple, and I utilize infographics and diagrams to make my writing more engaging. I can be a valuable asset to any organization in need of technical writing services.
Follow Us:LinkedinTwitter
I have a question related to my password on my Smart Phone that I’ve just set up for XSH Cam app! Doorbell is working fine and device is there but app is telling me I have not put in correct password and therefore I cannot do anything to answer door, app just keeps going back to input password page, with only either an apply or close button. Having only just set this app up I know my password but app keeps telling me it is wrong, which is very frustrating! How do I get this sorted? Any advice gratefully received
Unfortunately, if a password is forgotten, there is no way to restore it, because this will undermine the protection of the camera.
The default username and password for the camera will be “admin” e.g.:
Username: admin
Password: admin
We suggest first trying these to see if they encourage you to login.
All this must be entered in lowercase and double checked as certain smartphones such as iPhones/iPads would automatically set the first letter to uppercase.
2nd option
Reset your cam it will reset it to factory defaults (and will lose the WiFi details you currently have set) so you should only perform a reset while your camera is connected to your router with an ethernet cable
once the camera is reset can you log in to the camera interface using the default username and password which is “admin”
As the camera has been reset it will be at the factory defaults once again, so you will need to setup your camera again with the WiFi details, etc. as if from new.