A security firm has demonstrated a method of hacking into a GoPro camera which would allow criminals to wirelessly 'spy' on unsuspecting owners without them knowing.
The hack -- demonstrated to the BBC by Pen Test Partners -- was effected by firstly accessing the secure WiFi connection between the camera and its approved devices and then using the WPA2 password that's set up by the customer when they first set up the camera.
To get hold of the WPA2 password the security researchers were able to use a piece of off-the-shelf software which simply uses a database of commonly used passwords to try and find right one.
Based on the fact that the most commonly used password is '123456', the researchers were confident that the standard database would be enough to crack it.
Once accessed Pen Test Partners then demonstrated that the camera could be secretly controlled so that they could activate and then record footage from the camera without the owner knowing.
Now it's important to stress that at this point this is not a vulnerability that's unique to GoPro, it's one that effects any device that's secured by a human-generated password.
Ultimately the security of these devices is only as good as the password that's created for them, so while you can have all the encryption in the world, a password like 'Sausages' isn't going to do you any favours.
According to the BBC, Pen Test Partners chose GoPro because they felt that the company should be doing more to encourage good password practise.
In response GoPro said: "Wi-fi-enabled devices must provide the user's password to access the Hero4 wi-fi network. This is the same as other wi-fi networks using that protocol,"
"We require our customers to create a password 8-16 characters in length; it's their choice to decide how complex they want it to be."
Password Managers: These Can Help You Create The Unbreakable Password