Coding flaw put GoPro privacy at risk, researcher says

Even GoPro is apparently coping with security flaws.

People using the popular cameras were once at risk of having nearby users access their private videos, a security researcher revealed.

{mosads}Ilya Chernyakov, an Israel-based information security expert, discovered a vulnerability in which GoPro users could harvest Wi-Fi names and passwords for other nearby GoPro devices. Using the credentials would allow a hacker to view other users’ videos.

“GoPro made a very cool product. Lots of people love it and use it every day, so GoPro should protect our data and settings,” Chernyakov wrote in a blog post on Sunday.

The flaw, which has since been fixed, was found in the process of trying to connect an older-model GoPro camera to the company’s mobile app.

The camera creates its own Wi-Fi network, and a user that does not know the network password is able to change it with a ZIP file downloaded from GoPro’s website.

That ZIP file was the source of the risk, according to Chernyakov, who was able to input different numbers into the download file name and gather Wi-Fi passwords for 1,000 random GoPro users. The flaw was reported Wednesday by Security Week.