RSAC 2020: Smart Baby Monitor Vulnerable to Remote Hackers

2020-02-27 03:56

The vulnerabilities were discovered in the iBaby Monitor M6S connected baby camera by researchers with Bitdefender.

"We've tried to reach out to iBaby since May 2019 about three major vulnerabilities in their baby monitor but haven't heard back," Alex Jay Balan, chief security researcher at Bitdefender, said during an RSA session.

In the context of the vulnerable iBaby Monitor, the MQTT protocol used between the baby monitor and the corresponding mobile app was leaking camera ID numbers, user ID numbers, camera status data and in some cases user credentials.

Finally, an Indirect Object Reference vulnerability in the iBaby Monitor M6S was broadcasting personal data of device owners insecurely.

Flaws in a component used by an IP security camera makers exposed more than 2 million devices to attackers who could hijack the company's security cameras, baby monitors and smart doorbells.

News URL

https://threatpost.com/rsac-2020-another-smart-baby-monitor-vulnerable-to-remote-hackers/153272/

#hacker #rsac #smart