If you are using a baby monitor, you need to be careful: security researchers have discovered critical security flaws that can be exploited to keep an eye on your baby. Watch out for paedophiles.
Another day, another Internet of Things (IoT) connected gadget found vulnerable to hacking. This time it is baby monitors. Yes, hackers can now break into your Internet-connected video baby monitors to observe what your baby is actually doing. Isn’t that cool?
Security researchers recently got hold of nine Internet-connected baby monitors with video capability and found that all nine of them have major security vulnerabilities that could be exploited to gain access to the monitor.
The devices tested by the security researchers were not manufactured by unfamiliar or infamous brands; they were mass-produced by some of the most widely available and trusted brands, including Philips, TRENDnet, WiFiBaby, Withings and several others.
Even if you are tech-savvy and have taken all the precautionary steps while setting up the system, the baby monitor could still be hacked because all of these devices are based on a Linux operating system. Hackers can exploit the vulnerabilities found and abuse these monitors to carry out powerful attacks.
All nine of the baby monitors listed below are easily available in online stores and most users opt to purchase these devices, which is why the researchers based their study on these products.
- Gynoii (GCW-1010) – $89.34
- iBaby (M3S) – $169.95
- iBaby (M6) – $199.95
- Lens (LL-BC01W) – $54.99
- Philips In.Sight (B120/37) – $77.54
- Summer Infant Baby Zoom (28630) – $199.99
- TRENDnet (TV-IP743SIC) – $69.99
- WiFiBaby (WFB2015) – $259.99
- Withings (WBP01) – $204.60
Did you notice their price tags? It is believed that price does not guarantee the amount of security the monitor is going to provide. What price measures is the quality of the product and the number of features you are going to get.
Considering how insecure these baby monitors manufactured by popular brands are, researchers believe that there could be a lot more products on the market that have serious security issues and a much greater chance of being hacked.
After conducting the research, the researchers ranked each of the tested devices in an attempt to provide a fair comparison between them. The results concluded, “Eight of the tested devices received an ‘F’ and one device received a ‘D’,” according to the research paper.
3 Critical Vulnerabilities In Baby Monitors
Apart from the poor grades each of these monitors received, the researchers also pointed out some of the most critical vulnerabilities in three monitors, which are said to be “beyond simple weaknesses or complex-to-exploit issues.”
Major Vulnerability # 1 – Philips In.Sight B120 has a major security loophole that, once exploited, would allow a hacker to gain direct access to the monitor’s web application without any requirement for encryption and authentication. Moreover, hackers can locate, gain remote access to, and even change the camera settings of a vulnerable monitor by conducting a brute-force attack.
Major Vulnerability # 2 – iBaby M6 has a weak web service feature that allows easy access to a camera’s details simply by modifying the serial number in the URL string. Hackers can mass-exploit this vulnerability using a simple script, potentially gaining access to the recorded clips of every registered baby monitor.
Major Vulnerability # 3 – Summer Infant Baby Zoom (28630) has a serious vulnerability in one of its web service features, which does not require any authorization or password when adding an authorized viewer to the camera’s live video stream. An attacker can easily exploit this by adding an email address of their choice and logging in to view the video.
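The server-side check whose absence vulnerabilities # 2 and # 3 describe, shown next to the flawed pattern, as an added example that is not code from the Rapid7 paper or from any vendor. The registry, serial numbers, accounts and function names are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Camera:
    serial: str
    owner: str  # account that registered the device
    viewers: set = field(default_factory=set)
    clips: list = field(default_factory=list)

# Constructed sample registry keyed by serial number (hypothetical data).
CAMERAS = {
    "SN-0001": Camera("SN-0001", "alice@example.com", clips=["clip-a1"]),
    "SN-0002": Camera("SN-0002", "bob@example.com", clips=["clip-b1"]),
}

class Forbidden(Exception):
    """Raised for every denied request, whatever the reason."""

def get_clips_weak(serial):
    # Flawed pattern: the serial from the URL is the only "credential",
    # so whoever supplies a serial gets that camera's clips.
    return CAMERAS[serial].clips

def authorize(session_user, serial, owner_only=False):
    # session_user must come from the authenticated session, never from
    # a request parameter the client controls.
    cam = CAMERAS.get(serial)
    # Same error for unknown and foreign serials, so a response never
    # confirms which serial numbers are registered.
    if cam is None or session_user is None:
        raise Forbidden("not authorized")
    allowed = {cam.owner} if owner_only else {cam.owner} | cam.viewers
    if session_user not in allowed:
        raise Forbidden("not authorized")
    return cam

def get_clips(session_user, serial):
    # Owner and approved viewers only.
    return list(authorize(session_user, serial).clips)

def add_viewer(session_user, serial, email):
    # Only the owner may extend the viewer list; a viewer cannot add others.
    cam = authorize(session_user, serial, owner_only=True)
    cam.viewers.add(email)
    return sorted(cam.viewers)
```

The point is that the serial number only selects a camera; access is decided by the authenticated account's relationship to that camera.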
Every manufacturer was notified about the vulnerabilities and security flaws found in its product before the report was publicly released, and upgraded firmware with possible security patches is expected to be released in the coming weeks.
It is important to note here that Philips was the only one of the manufacturers to respond promptly to address the reported security flaws. Its team is currently working on releasing a patch for the vulnerable monitors.
The research paper added, “We applaud Philips’ commitment to fixing this vulnerability and their established protocol for handling incoming product vulnerabilities, which included using a documented PGP key to encrypt communications around this sensitive material.”
Source: Rapid7, https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf