Flaw In GoPro Update Mechanism Reveals Users' Wi-Fi Passwords

An anonymous reader writes A vulnerability in the update mechanism for the wireless networks operated by GoPro cameras has allowed a security researcher to easily harvest over a 1,000 login credentials (including his own). The popular rugged, wearable cameras can be controlled via an app, but in order to do so the user has to connect to the camera's Wi-Fi network. Israel-based infosec expert Ilya Chernyakov discovered the flaw when he had to access the network of a friend's camera, but the friend forgot the login credentials.

Poor QA from GoPro is par for the course

[sdguero]

tl;dr GoPro is a shady company that screwed me and a bunch of other customer over witt poor QA
After working with GoPro support, engineering, and getting an email from their CEO blaming the issue on everything from my computer, to SanDisk cards, to a firmware problem; I finally gave up on that company. They wasted over 40 hours of my life on that stupid camera. And while I eventually got a store credit for it (after 3 exchanges, tHank you Best Buy!) I'm still stuck with $100 in accessories and I have sworn never to do business with GoPro again.