A security company has issued a warning to all GoPro camera users that it is "too easy" for hackers to take control of the devices, which could then be used to spy on users.
The company, Pen Test Partners, showed the BBC how easily it was able to access a GoPro Hero 4 camera that looked like it was turned off. The camera was used to watch and eavesdrop on the device owners in secret, with the hackers also able to watch the videos stored on the camera and delete them.
The attack on the GoPro camera relied on users setting passwords that are too simple, which certain software can guess in just seconds.
Pen Test Partners' Ken Munro said that with the way GoPro cameras are set up, a wireless connection to the device could remain even if the power button has been pressed to turn off the camera.
Munro showed the BBC how he was able to access the device and turn off the camera's recording lights so that the user would not see that it was operational. Munro was then able to stream what the GoPro camera sees to his mobile phone.
For hackers to take control of a GoPro camera, they would have to intercept and then crack the Wi-Fi key of the device. The key is encrypted, and is set up by users when they choose to connect the device to another mobile gadget such as a smartphone.
To show how easily the hack can be done, Munro used only his laptop and free software in the demonstration of the vulnerability. Using this software, Munro was able to crack the previously set password of "sausages" in less than a minute, as the software is capable of trying out thousands of passwords per second using a database of commonly used ones.
Munro made the demonstration because he wants GoPro to do more to encourage users to set much stronger passwords on their cameras. Munro warns that hackers are increasingly looking to crack passwords in attempts to break into user accounts.
"We follow the industry-standard security protocol called WPA2-PSK (pre-shared key) mode," GoPro told the BBC in response to the demonstration by Munro and Pen Test Partners.
GoPro simply said that it was the choice of users to make their passwords as simple or as complex as they want.