U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Vulnerabilities in Fredi Wi-Fi baby monitor can be exploited to use it a spy cam

Vulnerabilities in Fredi Wi-Fi baby monitor could be exploited by a remote unauthenticated attacker to control it and spy on the family. Security researchers at SEC Consult reported discovered that vulnerabilities in Fredi Wi-Fi baby monitor could be exploited by a remote unauthenticated attacker to control it and spy on the family. The investigation started when […]

Fredi Wi-Fi baby monitor

Vulnerabilities in Fredi Wi-Fi baby monitor could be exploited by a remote unauthenticated attacker to control it and spy on the family.

Security researchers at SEC Consult reported discovered that vulnerabilities in Fredi Wi-Fi baby monitor could be exploited by a remote unauthenticated attacker to control it and spy on the family.

Fredi Wi-Fi baby monitor

The investigation started when a mother from South Carolina USA, Jamie Summitt,  claimed someone had taken control over the baby monitor.

Many commercial surveillance products leverage a “P2P cloud” feature that is enabled by default. Every device connects to a cloud server infrastructure and keeps this connection up. Mobile devices and desktop applications can connect to the camera via the cloud.

This architecture makes it easier for users to interact with the camera, no firewall rules, port forwarding rules or DDNS setup are required on the router. But this approach has  many security drawbacks as highlighted by the researchers:

  • The cloud server provider gets all the data (e.g. video streams that are viewed).
    • Open questions: Who runs these servers? Where are they located? Do they comply with local jurisdiction, e.g. also EU GDPR?
  • If the data connection is not properly encrypted, anyone who can intercept the connection is able to monitor all data that is exchanged.
  • The “P2P Cloud” feature bypasses firewalls and effectively allows remote connections into private networks. Now attackers can not only attack devices that have been intentionally/unintentionally exposed to the web (classic “Shodan hacking” or the Mirai approach) but a large number of devices that are exposed via the “P2P Cloud”.

The experts discovered that the P2P service connects directly to the cloud and can be accessed with no more than an 8-digit device number and a shared default password.

This means that everyone accessing to the online portal could enter random numbers with the default password to view camera feeds.

“Unfortunately the device ID does not look very secure,” reads the post published by the researchers.

“Plus the default password is neither randomly generated nor device-specific. Unless the user has changed the password to a secure one, anyone can log in and interact with the camera by ‘trying’ different cloud IDs.”

SEC Consult researchers added that insecure Fredi Wi-Fi baby monitors could also be used by hackers as an entry point in the home networks that host them.

“The ‘P2P Cloud’ feature bypasses firewalls and effectively allows remote connections into private networks. Now attackers can not only attack devices that have been intentionally/unintentionally exposed to the web (classic “Shodan hacking” or the Mirai approach) but a large number of devices that are exposed via the ‘P2P Cloud’.” continues the report.

Is the problem limited to the Fredi Wi-Fi baby monitor?

Unfortunately no, because the Chinese company that provided the firmware for the Fredi baby monitors develops generic camera control apps for many other devices.

“Obviously, the device and the cloud service is not GDPR compliant.” conclude the experts.

“It seems that consumer electronics with opaque supply chains, paired with insecure, built-in cloud features that are enabled by default will keep us busy in the future,” 

The experts also published IoCs to detect the presence of devices using the Gwelltimes “Cloud-Links” platform in infrastructure.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Fredi Wi-Fi baby monitor, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]