Baby Monitor Vulnerable to Attack via Newly Found Bugs

Dark Reading -

Newly discovered vulnerabilities in a model of popular baby monitor could allow an outside attacker to access the camera feed or disable encryption of streams stored on the cloud.

Bitdefender uncovered the holes in the Victure IPC360 Camera used in the baby monitor, and has published details in a paper titled “Cracking the Victure IPC360 Monitor.”

“In addition to access to the camera feed, an attacker sharing a network with the camera could also enable the RTSP and ONVIF protocols or exploit a stack-based buffer overflow to completely hijack the device,” Bitdefender researchers wrote.

The list of vulnerabilities found in the model include:

AWS bucket missing access control Camera information disclosure Remote control of cameras Local stack-based buffer overflow leading to remote code execution Hardcoded RTSP credentials

The researchers attempted to reach out to Victure multiple times in 2020 to alert them about their findings, but Bitdefender only received generic responses from the company. So they

The post Baby Monitor Vulnerable to Attack via Newly Found Bugs first appeared on Dark Reading.

Read More.....