Quote:A vulnerability affecting multiple baby monitors could allow someone to drop in and view a camera’s video stream, according to researchers. Potentially hundreds of thousands of live devices are impacted, they said.
The issue exists in the manufacturers’ implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. It’s possible to misconfigure its implementation, so that no authentication is needed for unknown parties to connect, according to the SafetyDetectives cybersecurity team.
“Whilst this means that potentially harmful individuals could be able to access private images of your children, their bedrooms and possessions, this specific vulnerability is also concerning with regards to daycare centers – which are commonly known to stream video from inside kindergarten for onlooking parents and guardians,” researchers said. “If your baby monitor or any RTSP camera does not require parties to enter a password each time they connect to the video stream, the images shown on that stream are potentially unsecured, and therefore accessible to anyone.”
The specific models that the team tested that proved to be vulnerable include the Hipcam RealServer/V1.0; the webcamXP 5; and the Boa/0.94. 14rc21.
Initial research on Shodan showed large numbers of vulnerable devices connected to the internet, all over the world.
“Our team was able to identify unsecured devices either through their ‘server header,’ or their onscreen overlay that details the particular brand,” according to researchers, writing on Tuesday. “A server header is a strip of information provided with RTSP that details numerous factors, including the device type. The server header gives us evidence of which devices provide unauthorized access.”
Read more: https://threatpost.com/baby-monitors-una...ng/163982/
![[-]](https://www.geeks.fyi/images/collapse.png)
