|image credits: iBaby|
Yes, Some bad guys do!
Baby Monitors are one of the Internet of Things ( IoT) product which made parenting easier. The Internet of Things (IoT) is an environment in which objects, animals or people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. Baby Monitors offer parents some peace of mind. They sync up with parents' smartphones, making it that much easier to keep an eye on your baby from another room or location.
Vulnerabilities found in Baby Monitors
According to as research conducted by Rapid7, as many as ten vulnerabilities were found in the Baby Monitoring devices of major manufacturers. The newly found vulnerabilities leaves the baby monitors vulnerable to attacks like:-
· Privilege Escalation
· Backdoor Credentials
· Reflective, Stored XSS
· Predictable Information Leak
· Authentication Bypass
· Direct Browsing
· Cleartext Cloud API
Further the storage of the video recordings were encrypted, the passwords are easily guessable and the communications (local as well as cloud based) do not use encrypted protocols.
Who are affected?
Popular vendors like iBaby Labs, Inc, Philips Electronics N.V. and Summer Infant have their product affected. Philips Electronics N.V. acknowledged the flaw and assured to issue a patch soon. Meanwhile iBaby iBaby issued an Official Statement Regarding their Baby Monitors’ Security which can be read here. iBaby Official Satement.
Case Study By Rapid7
Rapid7 researchers have published a detailed Case Study in which they claims there is no easy fix available. Full report is available online and it can be accessed at HACKING IoT : A Case Study On Baby Monitor Exposures and Vulnerabilities.
Also Read : Hacking Gmail With Fridge : Samsung smart fridge leaves Gmail logins vulnerable to attack