Are baby monitors a cybersecurity risk?

Sunil Ravi, Chief Security Architect at Versa Networks, talks to Cyber about the security vulnerabilities discovered in Nooie’s baby monitors

Security vulnerabilities in baby monitors from Nooie could allow attackers to either access the camera feed or execute malicious code on vulnerable devices according to recent research from infosec firm Bitdefender. 

Researchers from the company have said they have achieved remote code execution capabilities on two models from the range of Nooie’s Baby Cam infant monitoring devices. Other devices from the same range may also be vulnerable but this has not been demonstrated.

While Nooie is yet to comment, Bitdefender says it has uncovered four separate vulnerabilities.

In a statement on its website, Bitdefender said: “At Bitdefender, we care deeply about security, so we’ve been working with media partners and IoT devices manufacturers to identify vulnerabilities in the world’s best-selling connected devices. As one of the leading vendors of cybersecurity protection across endpoint and IoT devices, we have been assessing the security of smart-home equipment for more than half a decade. Our goal is to help vendors and customers stay on top of security and privacy blind spots and make the IoT ecosystem safer for everybody.

“While looking into the Nooie Baby Monitor, we identified several vulnerabilities that could let an outside attacker access the camera feed or execute malicious code to further compromise the device. Home users should keep a close eye on IoT devices and isolate them as much as possible from the local or guest network. This can be done by setting up a dedicated SSID exclusively for IoT devices.”

Are baby monitors dangerous?

Sunil Ravi, Chief Security Architect at Versa Networks says: “Every parent buys a baby monitor thinking that it will keep their child safe, however it could be potentially putting them in danger. The security vulnerabilities found in Nooie’s baby monitors, which allows attackers to access the camera feed, shows how security around the Internet-of-Things (IoT) is not being taken seriously enough. 

“IoT devices have major security weaknesses, which result in networks being exposed to new threats. The security vulnerabilities found in the baby monitors could not only allow threat actors to hijack camera feeds, but it also allows hackers to execute malicious code. IoT devices are the perfect point from which threat actors can breach an organisation’s network. Thanks to the work-from-anywhere-era, the boundaries between home and work networks have blurred. Once malware has breached a home network, it can then move laterally across to the homeowner’s work network inflicting significant damage to the organisation. With IoT devices being the perfect target for malware, vendors must ensure that their products have effective security. 

“It is crucial that security is researched and implemented by vendors at every single stage of the product lifecycle. From the design phase, organisations should be researching every possible threat they are vulnerable to and implementing the correct security measures. IoT as a whole is not a well-researched area of technology, and if left unexplored it opens the door to new threats. Only when this happens will organisations be able mitigate the impacts of a cyberattack. If organisations fail to recognise the importance of security within their products, then more households will be on display to prying eyes.” 

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security