The whole point of having a baby monitor with a camera set up in a child's room by a parent and/or guardian is to keep the child safe and protected (and making sure they are taking their full naps, of course.) While some funny and mischievous baby monitor videos are put on YouTube and Facebook by parents to share in the joy of watching their little ones engage in late night follies when they should be sleeping, most people don't want just anyone watching their children in the privacy of their own homes, in their own beds, from remote locations. But, that is what is happening with some baby monitors, such as the Chinese made Mi-Cam.
Photo: The Mi-Cam from the manufacturer's website
The report is that over 50,000 Mi-Cam baby monitor cameras have been hacked by remote viewing hackers. The Mi-Cam baby monitors are an internet connected (IoT) video monitoring system with a 720P HD camera. Parents can control the monitors through their Android and iOS phones, tablets, and other devices.
The website hackread.com reports: "According to researchers, there are total six vulnerabilities out of which one lets attackers breach the device’s security on Mi-Cam Android app without the need for client SSL certificate or password. The only thing an attacker has to do is use a proxy server in order to intercept communication between the monitor and smartphone."
The Mi-Cam is extremely easy to set up and use. Browsing the company website, all the consumer needs to do is plug in the camera, download the app, and pair the device via Wi-Fi.
As easy as it is to set up, it's also quite shocking how easy it is for hackers to gain access to these baby monitors. In addition to breaching the devices' security through the Android app, hackers can utilize the monitor's password forget function by having a verification code sent and then using brute force techniques to hack into the user's email address. But, that's not where the vulnerabilities end.
In addition, the device permits hackers to gain access to the hardware and extract the firmware due to “unlabeled Universal asynchronous receiver/transmitter (UART) interface.” As if that weren't enough, the software is already out of date and affected by publicly known vulnerabilities.
This is a stark reminder that anything that is part of the IoT, The Internet of Things, is vulnerable and not only is the brand chosen of extreme importance but also the installation and always resetting the password after install out of factory settings.
As pointed out by the hackread.com article, "Internet-connected (IoT) devices are highly vulnerable and not only allow hackers to scare kids but also let pedophiles can keep an eye on vulnerable children or in some cases record footages and sold on the dark web. Therefore, if you are using a baby monitor for your child make sure it is properly secured."
Don't go for a technology just because it is the cheapest, or because it is easy to install, or because you don't need a professional to help you integrate it. Especially when it comes to security. Always research. And, when it doubt, call a licensed security expert. We may have a much better solution for you.
To learn more about how easily these Mi-Cam baby monitors are hacked, here's a great video.
To read more on this topic, click here to go to the hackread.com article.
For a security expert evaluation of your home or business security, please contact us. Our quotes are always free. We serve within 200 miles of Greenville, South Carolina. Please read our case studies and testimonials as well.
Experience the next generation of interactive security services and solutions with GenX Security.
With custom security integration solutions come custom quotes designed for your needs. Please contact us by clicking here or calling 866-598-4369.