Are baby monitors a cybersecurity risk?

Sunil Ravi, Chief Security Architect at Versa Networks, talks to Cyber about the security vulnerabilities discovered in Nooie’s baby monitors

Security vulnerabilities in baby monitors from Nooie could allow attackers to either access the camera feed or execute malicious code on vulnerable devices according to recent research from infosec firm Bitdefender. 

Researchers from the company have said they have achieved remote code execution capabilities on two models from the range of Nooie’s Baby Cam infant monitoring devices. Other devices from the same range may also be vulnerable but this has not been demonstrated.

While Nooie is yet to comment, Bitdefender says it has uncovered four separate vulnerabilities.

In a statement on its website, Bitdefender said: “At Bitdefender, we care deeply about security, so we’ve been working with media partners and IoT devices manufacturers to identify vulnerabilities in the world’s best-selling connected devices. As one of the leading vendors of cybersecurity protection across endpoint and IoT devices, we have been assessing the security of smart-home equipment for more than half a decade. Our goal is to help vendors and customers stay on top of security and privacy blind spots and make the IoT ecosystem safer for everybody.

“While looking into the Nooie Baby Monitor, we identified several vulnerabilities that could let an outside attacker access the camera feed or execute malicious code to further compromise the device. Home users should keep a close eye on IoT devices and isolate them as much as possible from the local or guest network. This can be done by setting up a dedicated SSID exclusively for IoT devices.”

Are baby monitors dangerous?

Sunil Ravi, Chief Security Architect at Versa Networks says: “Every parent buys a baby monitor thinking that it will keep their child safe, however it could be potentially putting them in danger. The security vulnerabilities found in Nooie’s baby monitors, which allows attackers to access the camera feed, shows how security around the Internet-of-Things (IoT) is not being taken seriously enough. 

“IoT devices have major security weaknesses, which result in networks being exposed to new threats. The security vulnerabilities found in the baby monitors could not only allow threat actors to hijack camera feeds, but it also allows hackers to execute malicious code. IoT devices are the perfect point from which threat actors can breach an organisation’s network. Thanks to the work-from-anywhere-era, the boundaries between home and work networks have blurred. Once malware has breached a home network, it can then move laterally across to the homeowner’s work network inflicting significant damage to the organisation. With IoT devices being the perfect target for malware, vendors must ensure that their products have effective security. 

“It is crucial that security is researched and implemented by vendors at every single stage of the product lifecycle. From the design phase, organisations should be researching every possible threat they are vulnerable to and implementing the correct security measures. IoT as a whole is not a well-researched area of technology, and if left unexplored it opens the door to new threats. Only when this happens will organisations be able mitigate the impacts of a cyberattack. If organisations fail to recognise the importance of security within their products, then more households will be on display to prying eyes.” 

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI