You may depend upon your baby monitor to keep an eye on your precious little one, but a newly discovered vulnerability suggests that parents may not be the only ones watching their children. As per a warning from Austrian cybersecurity company SEC Consult, it would appear that the Mi-Cam baby monitor is susceptible to “multiple critical vulnerabilities which include unauthenticated access and hijacking of arbitrary video baby monitors.”
Around 50,000 folks are estimated to have Mi-Cams in their homes, and it would seem that any of them could fall prey to hackers. Ill-intentioned actors can allegedly hack into Mi-Cams and use them to spy on just about anything the cameras can see.
SEC Consult claims that it has tried to contact MiSafe, the company behind the Mi-Cam, to warn it against the potential vulnerabilities. Unfortunately, the security firm says that it has received no answer, and consequently, is urging customers to turn off the Mi-Cams in order to protect themselves.
In order to hack into the Mi-Cam, an attacker would simply need to set up a proxy server capable of intercepting and modifying an HTTP request between a smartphone and device. In this way, attackers would be able to check out Mi-Cam footage without ever entering a password on the device’s companion app. Moreover, SEC Consult claims that there are several APIs that helped them attain information on how to connect to the Mi-Cam cloud network and actually toy with the baby monitor.
As Johannes Greil, head of the SEC Consult Vulnerability Lab noted, “Information retrieved by this feature is sufficient to view and interact with all connected video baby monitors for the supplied [user ID].” Apparently, user IDs were also quite easy to guess.
In SEC Consult’s white-hat hacking efforts, they were able to completely automate the interception of content between the Mi-Cam and its cloud server, which made it easy to effectively set up a standing live-stream of video feeds.
Getting these (among other) issues resolved has proven to be a challenge, especially as it is not entirely clear as to who is responsible for Mi-Cams. While MiSafe is the actual creator of the device, QiWo Smartlink Technology seems to have the rights to the technology. Forbes reports that QiWo is indeed responsible for software updates, and that the company will be reaching out to the Securities Exchange Commission (SEC) in order to address security issues as soon as possible.
Luckily, it would appear that Mi-Cams are no longer in production, which means that you can no longer buy these faulty baby monitors. But if you’re one of the 50,000 or so individuals who already have one of these cameras, you’ll likely want to turn them off for the time being.
Editors' Recommendations
- Military-grade baby monitor called Miku was a hit with parents at CES 2019
- Lack of regulation means wearables aren’t held accountable for health claims
- Vivint Smart Home Security System review
- SimCam security camera’s DIY A.I. recognizes faces, monitors pets and objects
- Ring Alarm Security Kit review
