In our recent wireless security camera test, we found that the Hive View security camera was transmitting some unencrypted information, which could leave personal details exposed.
We discovered that the Hive View sent some unencrypted data between the app and the security camera. This means data could be intercepted by an attacker on the same network. This data includes the login details (the user’s email address) along with information on the device connected to the camera, such as its ID and operating system version.
Although the risk of a hacker gaining access to your network is low, it’s our view that the potential repercussions could be very serious. An attacker could easily use your email in phishing attacks – to transmit spyware, for example.
Wireless security camera reviews – find the right model for you.
Updates to the Hive app
When we contacted Hive, it said: ‘We take our customers’ privacy and data protection very seriously – security by design is at the forefront of everything we do at Centrica Hive.’
The company has now made some key changes to its Android app and the updated version is now available to download. After conducting further tests of the update, we can confirm that the camera and associated software satisfactorily meet our expectations for user privacy.
So, if you own a Hive View camera, make sure you update your app to benefit from the changes.
Hive added: ‘Following a recent configuration change to a data analytics service we use, encryption of this data was inadvertently disabled, making it possible to intercept some information, including email address, device ID and operating system used. This was only the case for our Android platform users, who represent about 30% of our customer base.
‘To confirm, this issue is now fixed and we have commissioned an independent specialist third-party security-testing organisation to validate this. We agree that any data breach is serious and a matter we do not take lightly.’
Previous security issues
Our smart thermostats testing has raised similar data security concerns in the past. In 2015, we found that the Hive Active Heating thermostat was sending unencrypted data across the network, and in 2018 we discovered that the Heatmiser SmartStat thermostat was doing the same.
On each occasion we contacted the respective manufacturer with our findings and, as a result, both brands made updates to their apps that made users’ information more secure.
We will continue to work with companies to address our research findings and help them make their products as safe and secure as possible.
To see how the Hive View performed in our tests overall and whether it’s a Best Buy, visit our in-depth Hive View security camera review.
Which? security testing
It’s not just wireless security cameras we screen for data security. Many internet-connected products go through tough security and privacy assessments in our test lab.
You would expect your smart products to keep your information secure, but some may leave your data vulnerable to attack. During our assessments, we try to find any weaknesses in the product or app, such as poor passwords, unencrypted data or technical vulnerabilities.
Where we find severe or critical issues, we contact the manufacturer involved and work with them to fix the problems. When we are satisfied that users won’t be put at risk, such as with the Hive app, we publish our findings. But when the company involved won’t engage with us, we make consumers aware of the potential security risks in their smart home.