As many as 3.5 million wireless home security cameras worldwide are at risk of being compromised by cybercriminals due to serious design and software flaws, according to a new study by Which? a UK-based consumer watchdog group.

Which? found that attackers could use these dangerous vulnerabilities to spy on people, access personal data, and take control of other devices.

Most cameras are available at retailers such as Amazon and eBay, and can be hacked even if users change their passwords.

The researchers said that flaws found in the design and software of these cameras could allow an attacker to: [Of the 3.5 million cameras found, the majority were in Asia. However, an estimated 700,000 were used throughout Europe, and 100,000 were used in the UK.

During the study, Which? researchers teamed up with US security expert Paul Malapese and purchased cameras made by Accfly, Elite Security, Genbolt, ieGeek, and SV3C through Amazon. The results proved to be easy to remotely hack.

The researchers tested five models for this study and estimate that 47 wireless camera brands may have this vulnerability due to shared components and software. [Affected brands include Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT, and Tenvis. According to the researchers, any wireless camera that interfaces with the CamHi mobile app and has some sort of unique identification number (UID) can be compromised.

Marrapese explains on his website that the UID should be printed on a sticker or label on the camera, often along with an administrative username and password. His website lists over 100 UID prefixes that indicate a device may be vulnerable.

Kate Bevan, editor of Which? Computing, says: "But in reality, you may be unwittingly inviting hackers into your home or workplace.

"Anyone with such a camera in their home should immediately turn it off and stop using it.

Bevan also called on lawmakers to take action, saying: "The government must push forward with plans to enact legislation requiring that connected devices meet certain security standards and back this up with strong enforcement.