A hacker can break into the GoPro Hero4 and eavesdrop on users, as well as view and delete the content of the camera, BBC reported on Monday.
The “only” thing he has to do is crack the camera’s password.
According to security firm Pen Test Partners, hackers can override GoPro’s Hero4 password protection and gain remote access to the camera, and Ken Munro of Pen Test Partners claims that the problem is related to the way a GoPro syncs to a Wi-Fi network, retaining connectivity even after the power button has been pressed to shut it down.
That way, a hacker with enough knowledge could wake the device up and use it to either look at whatever was recorded on it, or turn it on and eavesdrop on the device’s owner.
Munro demonstrated how a hacker could livestream everything the camera saw to his smartphone.
GoPro, on the other hand, says its security is sound, saying it uses the industry-standard WPA2-PSK encryption.
"Wi-Fi-enabled devices must provide the user's password to access the Hero4 Wi-Fi network. This is the same as other Wi-Fi networks using that protocol," the firm said.
"We require our customers to create a password 8-16 characters in length; it's their choice to decide how complex they want it to be.
"As is true of all password-protected devices and services, if a password is easily guessable, a user is more prone to someone predicting what it is."
Mr Munro wants GoPro to actively encourage users to set stronger passwords.
"Cybercriminals are increasingly turning to cracking passwords to gain access to accounts" he warned.