A security researcher has uncovered a massive flaw affecting over one million surveillance cameras and baby monitors. The problem lies in access keys extracted from a mobile app and default passwords that many users never changed. As a result, thousands of images stored in the cloud were left unprotected, revealing home interiors and personal data such as emails and locations.
The technical flaw: static keys and unlocked clouds 🔐
The vulnerability originated in the mobile app associated with the devices, from which access credentials were extracted. These keys, combined with default passwords like admin or 123456, allowed third parties to connect to the cameras effortlessly. Additionally, the cloud servers storing the images lacked basic authentication, leaving snapshots of nurseries and living rooms exposed. The researcher was able to access live feeds from 118 countries, demonstrating that security was virtually nonexistent.
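As an added example (not code from the researcher or any vendor), an owner or operator could audit their own device inventory for the three weaknesses described above: default passwords, one access key shared across devices, and cloud storage without authentication. The inventory schema, field names and sample values are assumptions constructed for illustration.

```python
from collections import Counter

# Default passwords named in the article; extend with your vendor's documented defaults.
DEFAULT_PASSWORDS = {"admin", "123456"}

# Constructed sample inventory (hypothetical schema, not a vendor export format).
INVENTORY = [
    {"id": "cam-nursery", "password": "admin",
     "access_key": "k-shared", "cloud_auth": False},
    {"id": "cam-living", "password": "123456",
     "access_key": "k-shared", "cloud_auth": True},
    {"id": "cam-door", "password": "x9!Lq-unique-passphrase",
     "access_key": "k-unique", "cloud_auth": True},
]


def audit(devices):
    """Return {device_id: [issues]} for devices showing the article's weaknesses."""
    # A key that appears on more than one device behaves like a static key
    # baked into the app: extracting it once exposes every device using it.
    key_use = Counter(d["access_key"] for d in devices)
    findings = {}
    for d in devices:
        issues = []
        if d["password"].strip().lower() in DEFAULT_PASSWORDS:
            issues.append("default-password")
        if key_use[d["access_key"]] > 1:
            issues.append("shared-static-key")
        if not d["cloud_auth"]:
            issues.append("unauthenticated-cloud-storage")
        if issues:
            findings[d["id"]] = issues
    return findings


if __name__ == "__main__":
    for device_id, issues in audit(INVENTORY).items():
        print(f"{device_id}: {', '.join(issues)}")
```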
Your baby camera: the new global reality show 📹
It turns out that having a camera to watch the little one isn't just for checking if they're sleeping, but for sharing their naps with strangers around the world. All thanks to passwords that seem straight out of a bad idea contest: admin for everything. The best part is that manufacturers are probably already preparing an update that, as always, will fix the problem once we've all been unwilling stars of a Netflix documentary.