Are baby monitors a cybersecurity risk?
Security vulnerabilities in baby monitors from Nooie could allow attackers to either access the camera feed or execute malicious code on vulnerable devices according to recent research from infosec firm Bitdefender.
Researchers from the company have said they have achieved remote code execution capabilities on two models from the range of Nooie’s Baby Cam infant monitoring devices. Other devices from the same range may also be vulnerable but this has not been demonstrated.
While Nooie is yet to comment, Bitdefender says it has uncovered four separate vulnerabilities.
In a statement on its website, Bitdefender said: “At Bitdefender, we care deeply about security, so we’ve been working with media partners and IoT devices manufacturers to identify vulnerabilities in the world’s best-selling connected devices. As one of the leading vendors of cybersecurity protection across endpoint and IoT devices, we have been assessing the security of smart-home equipment for more than half a decade. Our goal is to help vendors and customers stay on top of security and privacy blind spots and make the IoT ecosystem safer for everybody.
“While looking into the Nooie Baby Monitor, we identified several vulnerabilities that could let an outside attacker access the camera feed or execute malicious code to further compromise the device. Home users should keep a close eye on IoT devices and isolate them as much as possible from the local or guest network. This can be done by setting up a dedicated SSID exclusively for IoT devices.”
Are baby monitors dangerous?
Sunil Ravi, Chief Security Architect at Versa Networks says: “Every parent buys a baby monitor thinking that it will keep their child safe, however it could be potentially putting them in danger. The security vulnerabilities found in Nooie’s baby monitors, which allows attackers to access the camera feed, shows how security around the Internet-of-Things (IoT) is not being taken seriously enough.
“IoT devices have major security weaknesses, which result in networks being exposed to new threats. The security vulnerabilities found in the baby monitors could not only allow threat actors to hijack camera feeds, but it also allows hackers to execute malicious code. IoT devices are the perfect point from which threat actors can breach an organisation’s network. Thanks to the work-from-anywhere-era, the boundaries between home and work networks have blurred. Once malware has breached a home network, it can then move laterally across to the homeowner’s work network inflicting significant damage to the organisation. With IoT devices being the perfect target for malware, vendors must ensure that their products have effective security.
“It is crucial that security is researched and implemented by vendors at every single stage of the product lifecycle. From the design phase, organisations should be researching every possible threat they are vulnerable to and implementing the correct security measures. IoT as a whole is not a well-researched area of technology, and if left unexplored it opens the door to new threats. Only when this happens will organisations be able mitigate the impacts of a cyberattack. If organisations fail to recognise the importance of security within their products, then more households will be on display to prying eyes.”