If you have a doorbell camera, and you’ve ever felt like someone was watching you enter and exit your home, then you were probably right.
Camera brands Eken and Tuck, which both produce a line of doorbell cameras that have been sold by retailers such as Walmart, Shein, Temu, Amazon, etc., have been exposed, along with other brands, for having a major crack in their systems. Doorbell cameras from both brands can easily be hijacked by hackers where they can “take control” of the cameras and spy on whatever surroundings they’re monitoring, according to a new report from Consumer Reports.
Related: Popular home security system let users see inside other people’s homes
In order for a hacker to gain control of the doorbell cameras, all they have to do is download an app on their smartphone called Aiwit. A hacker can then create an account, go to the house with the doorbell camera they are targeting, “hold down the doorbell button to put it into pairing mode” and connect to a Wi-Fi hotspot to control the device, according to the report.
The report also notes that an owner will receive an email once a new device is paired to their doorbell camera, and if the owner re-pairs the device with their phone, it won’t make much of a difference as the hacker may already have the camera’s serial number which will allow them to “remotely access still images from the video feed” without the owner’s knowledge.
Eken and Tuck’s doorbell camera are cheaper options compared to the more popular brands on the market such as Ring, which is owned by Amazon. Both doorbell cameras run for about $15 to $30, most Ring doorbells run for at least $100.
Since Consumer Reports’ findings were released, both Walmart and Temu have confirmed with the news outlet that they have removed both camera brands from their websites citing security concerns.
This is not the first time a home security system has suffered a major security flaw. Earlier this month, home security camera company Wyze suffered a major breach where over 13,000 users had the ability to see inside of other users’ homes. The company blamed the breach on a service outage that was caused by a “third-party caching client library” that was “recently integrated” into Wyze’s system.
“This client library received unprecedented load conditions caused by the devices coming back online all at once,” read the email Wyze sent to users who were affected. “As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”
Related: Veteran fund manager picks favorite stocks for 2024