Nowadays, many parents they use special Appliances (baby monitor) to monitor their babies when they sleep or generally when they are not in the same room with them. These Appliances they are very useful. But they can also be done dangerous, if abused by malicious people hackers.
A survey by PCMag and Bitdefender showed that the device iBaby Monitor M6S has a serious vulnerability, which allows hackers to steal saved video and photos, yes watch babies live, in real time and yes collect personal information. The worst, though, is that anyone with a baby monitor device M6S and the necessary skills network can violate in cloud-stored content from any device of the same type.
Each time your baby moves, the screen records it and downloads it to in cloud before forwarding it to you. This data is protected by a secret key and an access ID key, but in the end it is not very large safety. These keys do not give access only yours data, but of all others.
However, this is not the only vulnerability in the baby monitor device.
“Using what is called Indirect Object Reference (IDOR), an attacker can steal personal details about parenting, ”writes PCMag. “These details include the addresses e-mail, name, location and even profile picture ”.
Bitdefender had informed about them vulnerabilities on iBaby last May. But the product maker did not respond. This means that the vulnerability still exists and can be used by hackers.
Despite promises of a secure future IoT, researchers are constantly finding vulnerabilities in smart Appliances. However, the fact that endanger data toddlers and babies, it's very worrying. In 2016, a survey by the New York Department of Consumer Protection found that four out of five baby monitor devices were vulnerable to violations.