- Several widely used dash cams carry important security and data privacy flaws or weaknesses.
- While some are worst than others, almost all vendors were found to be susceptible to at least one kind of hacker attack.
- Garmin was the only manufacturer who responded to the reports and promised to fix the discovered issues.
Dash cameras are useful for when you need to prove something to your insurer or the traffic police, and if you’re using a model that features GPS tracking, it’s also helpful for getting emergency services at the spot in no time. However, as UK’s consumer protection organization ‘Which?’ warns, dash cam manufacturers aren’t exactly doing their best when it comes to data privacy and security. The Which? team tested popular and widely used models in the market, and here’s what it found.
Products from Garmin, Halfords, Kitvision, MiVue, Road Angel, Transcend, and Viofo are generally using weak default passwords to enable the owner to connect them with the pairing smartphone app. This has the implication of having someone else connect to your dash cam and draw any stored data from it. On the other hand, Nextbase and BlackVue used strong passwords that are difficult to crack, while the former set up a new password with every connection.
The second issue found by Which? is the encryption used by the dash cams, which was below par for the most part. Garmin, Halfords, and MiVue used obsolete encryption algorithms that are considered weak by today’s standards. This opens up the door to man-in-the-middle attacks that would give hackers a live video feed or stored clips in “viewable” form. BlackVue and Nextbase incorporated strong encryption on their cameras but failed to do the same for the data that travels between the product and the control app.
Thirdly, there’s the matter of server protection, which as Which? found out, shouldn’t be taken for granted. In the case of Viofo, the investigators discovered that it was possible to access their online database due to a misconfiguration. This database contained quite a lot of user-related things such as account information, dash cam recordings, and other private stuff.
Which? has reported all the above to the dash cam vendors, but only two of them responded. Garmin has identified the security liabilities and promised to patch the issues in the upcoming update. As such, if you’re using a Garmin dash cam, make sure to apply any updates that will arrive in the following weeks. Halfords, on the other hand, dismissed the Which? reports as non-important and stated that it meets the standards required by law both on the dash cam and the accompanying app. The rest of the manufacturers mentioned in this report didn’t respond to the consumer protection organization.