Consumer watchdog Which? warns of hackers hijacking HiChip cameras

Thousands of owners of wireless CCTV and PC cameras in Scotland were today warned to stop using them immediately as they could be hijacked by hackers.
More than 6,000 cameras in Scotland are vulnerable to hackers (Pic: Which?)

Experts from consumer watchdog Which? said hackers could access live footage on cameras made by Chinese firm HiChip which use the CamHi app for remote viewing.

It is estimated that around 6,000 people in Scotland own wireless cameras made by the firm and used in CCTV systems, PC cameras, baby monitors and doorbell alarms.

Which? said that hackers were easily able to identify the devices' Unique Identification numbers (UID) and the users' exact location.

They could also access all devices linked to the user's home broadband network, and changing passwords would not fix the security flaw.

Which? believes that as many as 47 wireless camera brands worldwide have been identified as potentially having this security flaw, including 32 currently or previously sold in the UK.

Which? said there are more than 100,000 of the wireless cameras active in the UK, with 6,000 in Scotland, including 2,075 in Glasgow and 1,581 in Edinburgh.

Experts warned that the flaw can still be exploited even if users change their password.

It is advising anyone who believes their camera could be affected to stop using it immediately.

The consumer organisation is also warning people against buying products with this security flaw, and believes that such devices should not be manufactured and put on sale.

The issue stems from weak Unique Identification numbers (UID), often found on a sticker on the side of the cameras, which can be easily discovered and targeted by hackers.

Kate Bevan, computing editor at Which?, said: "People may believe they are picking up a bargain wireless camera that can bring a sense of security - when in fact they could be unwittingly inviting hackers into their home or workplace.

"Anyone who has one of these cameras in their home should turn it off and stop using it immediately, while all consumers should be careful when shopping around - cheap isn't always cheerful, especially when it comes to unknown brands.

"The government must push forward with its plans for legislation to require connected devices to meet certain security standards and ensure this is backed by strong enforcement."

The new report says that using the UID numbers, hackers can target users of the popular CamHi app - used by millions of people to view camera footage - when they connect to their camera.

The attacker can then steal the device's username and password, and use the stolen credentials to gain full access to the camera without the user's knowledge.

Which? believes any wireless camera that uses the CamHi app could be compromised by these flaws.

Around two in three of the brands sold in the UK are currently available at Amazon UK.

Which? reported its concerns and asked Amazon to remove listings while investigating the risk they cause.

More than half of the brands are on sale on eBay, which maintained that the devices comply with its existing policies and were safe to use, but encouraged users to take appropriate security precautions.

Which? shared its findings with HiChip, the company behind many of the camera brands affected and the CamHi app. HiChip is based in Shenzhen, described as China's Silicon Valley due to its huge market in electronics products.

The company maintained its cameras have "low security risk", but pledged to work with Which? and a US-based security expert on improvements.

HiChip said: "HiChip has focused on IP camera R&D for more than 10 years and continues to improve the security of the cameras.

"We encrypt all the commands and data with AES128 between the camera and the app, above the P2P transferring layer.

"So our cameras have very low security risk about the end user's privacy."

eBay said: "These cameras that Which? is concerned might put users at risk are all legal to sell in the UK, and comply with our existing policies.

"These devices can be used safely if used in a network without an internet connection, for example as baby monitors.

"We encourage people who purchase any wireless camera product on eBay to take appropriate security precautions, in the same way they would with any smart home devices, online email or social media account."

Amazon has been approached for comment.
