For many, having children of their own is the fulfillment of all their dreams. Parents should take good care of the little ones accordingly. Baby monitors have long helped with this: they let you notice immediately if the child suddenly starts crying in another room. In the meantime, there are also versions with a camera and video feed. However, some of them carry a high risk of being hacked, as has now become known.
Baby monitors: There is a risk of hacker attacks
According to a Bitdefender report, the company's experts took a few baby monitors and examined them more closely. Two models from the manufacturer Nooie particularly caught their eye. During their research, they found that serious vulnerabilities could give unauthorized persons access to the video stream and the operating system.
The focus is on the MQTT protocol: the cameras use it to register with the MQTT server and receive a URL from there. They then send the video stream from the children's room to this URL. But the server allows access without authentication.
When hackers send a subscribe request for the /device/init topic, they receive the user accounts and camera IDs of all devices that are currently online. Further requests could then allow them to point cameras at a server that they control themselves. The baby monitor's stream could thus be sent unnoticed to an unknown person.
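What the missing control looks like on the broker side, as an added example that is not Bitdefender's or Nooie's code: a minimal policy that refuses unauthenticated connections and limits each device to its own topics, including when it subscribes with a wildcard. The per-device topic layout, the `%d` placeholder and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT topic-filter match: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = filter_.split("/"), topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False                       # wildcards never match $SYS-style topics
    for i, f in enumerate(f_levels):
        if f == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

@dataclass(frozen=True)
class Client:
    device_id: Optional[str]  # None: the connection presented no credentials

# Hypothetical per-device layout (assumption); %d is the authenticated device id.
ACL = {"publish": ["/device/%d/init"], "subscribe": ["/device/%d/#"]}

def allow_connect(client: Client) -> bool:
    """Reject anonymous clients and ids that would act as wildcards in the ACL."""
    did = client.device_id
    return bool(did) and not any(c in did for c in "+#/")

def authorize(client: Client, action: str, topic: str) -> bool:
    """Allow an action only if an ACL pattern, filled with the client's id, matches."""
    if not allow_connect(client):
        return False
    return any(topic_matches(p.replace("%d", client.device_id), topic)
               for p in ACL.get(action, []))

def deliver(client: Client, sub_filter: str, topic: str) -> bool:
    """Deliver only if the subscription matches AND the ACL permits the topic."""
    return topic_matches(sub_filter, topic) and authorize(client, "subscribe", topic)

if __name__ == "__main__":
    anon, cam_a = Client(None), Client("cam-a")  # constructed sample clients
    print(deliver(anon, "/device/init", "/device/init"))  # False
    print(deliver(cam_a, "#", "/device/cam-b/init"))      # False
    print(deliver(cam_a, "#", "/device/cam-a/url"))       # True
```

Checking the ACL at delivery time, not only when the subscription is made, is what keeps a `#` subscription from returning other devices' registration messages.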
Amazon Web Services also affected
The Bitdefender team carried out all these steps themselves. In addition, they found that access credentials for the AWS (Amazon Web Services) cloud could be spied out. Recordings can be uploaded and saved there.
So far, the cameras PC100A (Nooie Cam 360) with version 1.3.88 and IPC007A-1080P (Nooie Cam Indoor 1080p) with version 2.1.94 are affected. It cannot be ruled out that other models have the same flaws.
And what does Nooie do?
The Bitdefender team pointed out the dangers to those responsible at Nooie at the end of 2020. The company responded only on the second attempt and then received relevant information and evidence of the problem from Bitdefender. Almost exactly a year later, Bitdefender followed up and wanted to know how far the solution to the problem had progressed. There was no further reaction to that, so the decision has now been made to make the security risk public.
According to Bitdefender, at least 50,000 to 100,000 households could be affected – that’s how many times Nooie’s baby monitor app was downloaded from the Google Play Store alone. The figures of the Apple Store are not public, but it can be assumed that the software has also found many interested parties there.
It is not clear whether Nooie has already taken steps to close the security gap. However, a quick search reveals that the Nooie Cam has disappeared from the Apple and Google stores.
Safety Precautions: You must do this
If you still have one of the endangered baby monitors, there are a few measures that need to be taken now. For home use, Bitdefender recommends isolating the relevant devices from the local or guest network.
You can achieve this only with a separate WLAN SSID for so-called IoT devices (“Internet of Things”). IoT describes the linking of physical objects with a virtual representation in an Internet-like structure. Furthermore, users should regularly check for software updates.
The permanent connection of everyday devices to the Internet naturally also increases the dangers of cybercrime. Therefore, safety should be the top priority.