Baby Monitor Vulnerable to Attack via Newly Found Bugs
Researchers find holes in Victure IPC360 Camera that could give hackers access to the monitor's camera feed.
August 31, 2021
Newly discovered vulnerabilities in a popular baby monitor model could allow an outside attacker to access the camera feed or disable encryption of streams stored on the cloud.
Bitdefender uncovered the holes in the Victure IPC360 Camera used in the baby monitor, and has published details in a paper titled "Cracking the Victure IPC360 Monitor."
"In addition to access to the camera feed, an attacker sharing a network with the camera could also enable the RTSP and ONVIF protocols or exploit a stack-based buffer overflow to completely hijack the device," Bitdefender researchers wrote.
The vulnerabilities found in the model include:
AWS bucket missing access control
Camera information disclosure
Remote control of cameras
Local stack-based buffer overflow leading to remote code execution
Hardcoded RTSP credentials
The researchers attempted to reach out to Victure multiple times in 2020 to alert the company to their findings, but Bitdefender received only generic responses, so they decided to proceed with the vulnerability disclosure this month.
The IPC360 cloud platform serves several other camera models as well, including the Mibao Wireless IP Outdoor Camera, the Akaso P50, and the Robicam Waterproof 360.
“We estimate that these vulnerabilities are affecting more than 4 million devices worldwide,” says Bitdefender in a release on the findings.
The full research report is available here.