You probably think your baby is special. Every hacker in the world is just itching to catch a glimpse of that tubby little poo monster. But let’s be real—probably no one is spying on your boring baby.
Nevertheless, on the off chance you are one of the 50,000 parents who bought a Mi-Cam device (presumably to keep track of your bundle of joy while you’re slamming back screwdrivers with the other breeders in your cul-de-sac) you should know that that cheap Chinese-made camera you got is apparently incredibly hackable.
According to Austrian cybersecurity firm SEC Consult, in addition to its 720P HD quality camera and free local video recording, the Mi-Cam comes equipped with “multiple critical vulnerabilities” allowing for the “hijacking of arbitrary video baby monitors.” We’re talking outdated firmware affected by numerous publicly known vulnerabilities; root access protected by 4-digit default credentials; and an easy-to-brute-force password-forget function.
The Mi-Cam app itself is easily compromised as well, according to SEC Consult:
A number of critical API calls can be accessed by an attacker with arbitrary session tokens because of broken session management.
This allows an attacker to retrieve information about the supplied account and its connected video baby monitors. Information retrieved by this feature is sufficient to view and interact with all connected video baby monitors for the supplied UID [unique identifier].
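The class of flaw described in that quote, shown beside a server-side fix, as an added illustration that is not SEC Consult's or MiSafes' code. The handler names, UIDs and device names are hypothetical and constructed for the example.

```python
import secrets

# Constructed sample data: sessions the server has issued, and cameras per account UID.
SESSIONS = {}  # token -> UID the token was issued to
DEVICES = {"1001": ["cam-nursery"], "1002": ["cam-livingroom"]}


def login(uid):
    """Issue an unguessable token and record server-side which UID owns it."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = uid
    return token


def list_devices_broken(uid, token):
    """Flawed pattern: any non-empty token is accepted for any supplied UID."""
    if not token:
        return 401, []
    return 200, DEVICES.get(uid, [])


def list_devices_fixed(uid, token):
    """The token must be one the server issued, and issued to this UID."""
    owner = SESSIONS.get(token or "")
    if owner is None:
        return 401, []  # unknown or missing token
    if owner != uid:
        return 403, []  # valid session, but for a different account
    return 200, DEVICES.get(uid, [])


def accepts_arbitrary_token(handler, uid="1002"):
    """Regression check: does the handler answer a token that was never issued?"""
    never_issued = secrets.token_urlsafe(32)
    status, _ = handler(uid, never_issued)
    return status == 200


if __name__ == "__main__":
    print("broken handler accepts arbitrary token:", accepts_arbitrary_token(list_devices_broken))
    print("fixed handler accepts arbitrary token:", accepts_arbitrary_token(list_devices_fixed))
```

A check like `accepts_arbitrary_token` belongs in the API's test suite so the authorization rule cannot silently regress.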
As Bleeping Computer reports, SEC Consult approached both MiSafes (the Mi-Cam’s maker) and the Chinese Computer Emergency Response Team about the flaws, but has received no response so far. We’ve reached out to MiSafes as well and we’ll update if we hear back.
In the meantime, however, the experts recommend you discontinue use of this device. As SEC Consult notes, while cloud-connected hardware may provide users with enhanced usability and convenience, “if security is lacking those products pose a great risk for all customers.”
We couldn’t agree more.
You know, frankly, this is what you get for buying the cheapest-looking remote home monitoring system you can find on Amazon. I mean seriously, this thing has three stars. Don’t you even love your kid? Luckily, from the reviews, it seems like most people are just using this thing to watch their dogs while they’re at work, which seems incredibly productive.