submit@infiniteprivacy.com
Home Defense

Serious Security and Privacy Risks with Internet Connected Baby Monitors

The Redacted Brief
While baby monitors are an incredible asset when it comes to taking care of our infants, they can pose a major risk when it comes to privacy and security. The device “Mi-Cam” from miSafes has been shown to have critical security vulnerabilities. Hackers could use the baby monitor as a point of entry and hijack accounts connected to it.

Over 52,000 devices have been affected, as well as their user accounts. And while the issues have been identified and forwarded to miSafes, the company is yet to respond. Because of this, it is recommended that you keep your video baby monitor offline for now.

The recent trend of IoT devices has affected the baby monitor market as well. Nowadays, models are coming out with new features supported by internet connectivity. They are being rolled out by both new companies as well as long-established ones. These new competitors have caused short-term positive effects to occur, such as price drops and special offers. However, these features and conveniences come with crucial risks that shouldn’t be overlooked.

Mi-Cam’s HTTPS traffic cannot be observed without a valid SSL certificate. However, this certificate is the same for all baby monitors around the world. All a hacker really needs to do is to enable the private static key, which has been proven to be possible, and they’ll be able to intercept the device’s communication.

The vulnerabilities that allow this to happen include outdated and vulnerable software, easily breakable passwords, weak default credentials, and serial numbering of accounts. While it hasn’t been figured out whether hackers can decrypt and use video streaming data or not, it is possible to download all previous recordings that are kept on the device.

Original Via SEC Consult:

Earlier this month, we published our first article of our Internet of Things series, “IoD – Internet of Dildos“. As promised, we expanded our research and would like to present you with the first results of our “IoB – Internet of Babies” research. Baby monitors serve an important purpose in securing and monitoring our loved ones.

Unfortunately, the investigated device “Mi-Cam” from miSafes (and potentially further devices) is affected by a number of critical security vulnerabilities which raise serious security and privacy concerns. An attacker is able to access and interact with arbitrary video baby monitors and hijack other user accounts. Based on observed user identifier values extracted from the cloud API and Google Play store data…

See the full article at https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html

Leave a Response