Baby Monitor Vulnerable to Attack via Newly Found BugsBaby Monitor Vulnerable to Attack via Newly Found Bugs

Researchers find holes in Victure IPC360 Camera that could give hackers access to the monitor's camera feed.

August 31, 2021

1 Min Read

Newly discovered vulnerabilities in a model of popular baby monitor could allow an outside attacker to access the camera feed or disable encryption of streams stored on the cloud.

Bitdefender uncovered the holes in the Victure IPC360 Camera used in the baby monitor, and has published details in a paper titled "Cracking the Victure IPC360 Monitor."

"In addition to access to the camera feed, an attacker sharing a network with the camera could also enable the RTSP and ONVIF protocols or exploit a stack-based buffer overflow to completely hijack the device," Bitdefender researchers wrote.

The list of vulnerabilities found in the model include:

AWS bucket missing access control
Camera information disclosure
Remote control of cameras
Local stack-based buffer overflow leading to remote code execution
Hardcoded RTSP credentials

The researchers attempted to reach out to Victure multiple times in 2020 to alert them about their findings, but Bitdefender only received generic responses from the company. So they decided to proceed with the vulnerability disclosure this month.

The IPC360 cloud platform serves several other camera models as well, including the Mibao Wireless IP Outdoor Camera, the Akaso P50, and the Robicam Waterproof 360.

“We estimate that these vulnerabilities are affecting more than 4 million devices worldwide,” says Bitdefender in a release on the findings.

The full research report is available here.