PHOTO: Amazon
iBaby Monitor M6S, that retails for about $100 is reported to have leaked personal data of users due to bugs in the system which has resulted in "remote access of the camera" according to research released this week by security firm Bitdefender, reports PC Mag.
Last year, researchers reached out to report the flaws to the vendors and now are releasing the information in hand to protect iBaby users.
The M6S baby monitor notifies parents through video or sound alerts to the cloud, if the baby starts to move or cry, and the private ID keys are supposed to protect those files from hacking.
Chilling video released of hacker talking through smart camera
There are two main problems with the M6S model, first is in a communication protocol known as MQTT (MQ Telemetry Transport) that reveals information about the camera, and the second is a flaw that can leak personal information about the device owner.
Furthermore, researchers warned that connection to the cloud storage used by the company is not adequately set up and can be easily be exploited to obtain access IDs that are hardwired into the WiFi monitor.
"What's troubling the most about the first vulnerability is that the camera uses a secret key and an access key ID to upload an alert to the cloud. These keys can be used for directory listing and downloading of any alert (video or picture) uploaded by any camera with alerts enabled (motion and/or sound)," explained Bitdefender.
"The server leaks camera IDs, user IDs and the status of the camera," according to the Bitdefender team.
"If an attacker monitors the MQTT [MQ Telemetry Transport] server when a user configures a camera, critical information will be leaked to the attacker. They could then stream video, take screenshots, record video, or play music using the obtained credentials," it added.
Yahoo says all 3 billion accounts hacked in 2013 data theft
Recently, a similar incident took place when a girl’s ring camera was hacked, Ashley LeMay who shared the video after reporting this scary incident to the police.
Ashley, who bought the gadget in a Black Friday sale to keep an eye on her three daughters, was left shaken.
Amazon that carries the brand has been contacted for comment. The M6S, released back in 2016, is described under the label "Amazon's Choice" on the shopping website.
While such gadgets are aimed at providing security to its users, failing to take safety measures can also cause harm.
This article originally published on News Week.
1722066109-0/BeFunky-collage]-(58)1722066109-0-270x192.webp "spacex nasa to launch crew 9 mission")
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ