Skip to content

Something urgent? Call us now! (852) 3416 1711

Ally Law
Boase Cohen & Collins
Blog

When home security is not so smart

By Claire Chow

Hong Kong, 22 March 2023: So-called smart homes have become increasingly popular in recent years, with many households installing surveillance cameras that allow the user to check what is happening at their residence, via mobile phone, while they are out and about. Such devices, which have the capacity to record, are seen as a cost-effective and efficient method of enhancing home security.

But smart homes also carry an element of risk, especially if such devices are not manufactured to meet stringent cyber security and data protection standards. This has been borne out by a Consumer Council investigation which found nine out of ten home surveillance cameras being sold in Hong Kong failed to meet the global requirements laid down by the European Telecommunications Standards Institute. The report shines a light not only on product deficiencies, but also the need for a proper regulatory regime.

The cameras – priced between HK$269 and HK$1,888 – all provided two-way audio, motion detection, night vision and voice control. The Consumer Council commissioned an independent laboratory to test them, with sobering results. It found many of the devices were at the mercy of hackers, transmitted information without encryption and suffered from inadequate data storage security.

Four of the cameras had weak log-in security. Of these, three were susceptible to “brute-force attacks”, a method by which hackers find a password through automated trial and error, with two of the models using only six digits or characters for the default password. The fourth camera allowed unlimited login attempts while the mobile app was in use, so hackers could repeatedly try to steal account information.

The tests also revealed five of the cameras transmitted videos or data without encryption. Of these, four did not encrypt data when sending real-time images, making them vulnerable to hackers who could easily access the video content. The fifth model failed to utilise encrypted transmission when connecting to home Wi-fi, making it more straightforward for hackers to steal account information from the router.

In some instances, there was also an issue with the so-called session key. This is effectively a temporary password, used for encryption and decryption when transmitting data, which should expire each time the user logs out. But three cameras allowed the user to log back in with the old session key. If a hacker stole this code, they could easily pry into someone’s room.

The security of in-app data storage for all ten models was inadequate, the tests revealed. For example, sensitive data such as email addresses, account IDs or passwords were stored in plain text files, which were not protected with encryption, and the relevant data would only be deleted after a certain period.

The Consumer Council also highlighted ethical concerns. It pointed out that all members of the household, including domestic workers, and all visitors should be made aware of the presence of home surveillance cameras. Consideration should be given to the necessity of monitoring, the availability of less privacy-intrusive alternatives, and the proper handling of recorded content.

While calling on manufacturers to take “immediate action” to improve their products, the Consumer Council has also published a security checklist for users which includes the following:

  • Avoid purchasing products without a brand name or from unknown sources;
  • Set a strong password when creating an account and change it regularly;
  • Open the app and activate the camera only when necessary, otherwise keep it turned off;
  • Make good use of functions such as firewalls, network monitoring and activity logs.

Home surveillance cameras are typical Internet of Things (IoT) devices – a term referring to gadgets beyond computers and smartphones that connect wirelessly to a network and have the ability to transmit data. It is estimated there will be some 50 billion IoT devices in use around the world by 2030.

Countries such as Singapore, Germany, Finland and the US have already introduced cyber security labelling for IoT devices. Under such schemes, smart devices are rated according to their levels of cyber security, thus enabling consumers to make better informed decisions when purchasing. The EU has added network and communications security requirements to its Radio Equipment Directive which will become mandatory in August 2024, while the UK is studying to introduce legislation.

The Consumer Council concludes its investigation by recommending the government makes reference to practices in other jurisdictions and introduces relevant schemes or standards suitable for Hong Kong. Until then, citizens are advised to exercise caution when installing and using home surveillance devices.

Claire Chow is an Associate with BC&C, having joined the firm in 2019. She covers a broad range of practice areas including Civil and Commercial Litigation, and Judicial Review. She can be contacted at Claire@boasecohencollins.com.

40+ years of legal experience is just a click away.

Friendly and approachable, we are ready to answer your questions and offer you sound advice.

Contact us now

BC&C-contact-us

News & Knowledge

Learn more about what we do and what we say. Subscribe to our newsletter to ensure you receive our updates.

  • This field is for validation purposes and should be left unchanged.

Taking a chain reaction on the chin

Hong Kong, 15 April 2026: The domino toppling world record stands at 4,491,863 and was achieved in 2009. A team of 90 builders from 14 nations worked for two months setting up the display in the Dutch town of Leeuwarden. When the first piece was pushed over, it triggered a 90-minute chain reaction in which […]

Read more

Law & More: Episode 64 – Yang-Wahn Hew & Azan Marwah

Hong Kong, 13 April 2026: In this episode, we examine sports law, a practice area that is evolving rapidly as Hong Kong builds world-class sports facilities and hosts an increasing number of elite international sporting events. Our Senior Partner Colin Cohen is joined by barristers Yang-Wahn Hew and Azan Marwah to discuss the multiple governance, […]

Read more

A wealth of sound legal advice

By Alex Liu Hong Kong, 10 April 2026: In an increasingly volatile world, Hong Kong offers safety, security and stability. That was the core message delivered at the recent Wealth for Good in Hong Kong (WGHK) Summit, which brought together more than 400 influential family office decision-makers, next-generation successors and industry leaders from around the […]

Read more

Vivian Yu named as BC&C Partner

Hong Kong, 1 April 2026: Boase Cohen & Collins, proud of its reputation for producing homegrown legal talent, is pleased to announce that Vivian Yu has been made a Partner with the firm. Vivian, who joined us from university in 2018, focuses primarily on Insurance & Personal Injury litigation and has experience in dealing with […]

Read more

Red Cross Moot showcases new talent

Hong Kong, 30 March 2026: Colin Cohen has praised the standard of emerging legal talent across Asia Pacific after serving as a judge in the 24th Red Cross International Humanitarian Law Moot. Some 22 law student teams from across the region took part in the annual competition in Hong Kong. “The standard of mooting was […]

Read more
See all news and knowledge
Ally Law