A security flaw in this baby monitor allowed hackers to take videos of children

Friday, 28th February 2020, 5:29 pm
Updated Friday, 28th February 2020, 5:31 pm

Baby monitors are a great tool for new parents. However, if security measures aren't implemented properly, they can become a serious privacy risk.

Experts from cybersecurity and anti-virus software company, Bitdefender, discovered severe vulnerabilities with the iBaby Monitor M6S baby alarm that could allow hackers to access the device and view images and videos.

The camera in question, which was being sold on Amazon, reportedly comes with an increased risk of third parties being able to spy on children, without parents even knowing.

Hackers can access private information

Bitdefender chief security researcher and expert in digital threats Alexandru 'Jay' Balan said, "The vulnerabilities we found in the iBaby camera allow an attacker to access the camera's images, video footage and private information, such as the user's email address, name, location and profile picture."

Diving into the device's firmware revealed that, although the camera uses strong encryption standards, they aren't properly secure, meaning hackers can easily access files.

The iBaby Monitor M6S baby alarm was sold on Amazon (Photo: iBaby)

The monitor uploads videos and pictures to a cloud service, which is apparently easy to decrypt for instant access to all the files. Balan also stressed that this isn't the first time an internet connected video surveillance device has shown these flaws.

He said, "We have researched the iBaby Monitor M6S because it is a popular internet-connected product. No doubt, there are countless other IoT [Internet of Things] devices that are at least as vulnerable, but haven't been revealed yet."

Bitdefender recommends keeping all your software up to date if you want to protect your smart devices from hackers. It also recommends applying two factor authentication to your tech, which means using a separate device to verify who you are every time you log in.

iBaby 'quickly researching reports of foul play'

In response to these claims iBaby issued a statement which reads, "It has come to our attention that certain online articles regarding the vulnerabilities of our iBaby M6S have caused concerns. We want to reassure you that the security of our customers’ database is and has always been our utmost priority.

"We follow strict government privacy guidelines and use the industry’s highest standards to guard the safety of our customers’ data. However, we are quickly researching these reports and verifying the validity of the claims.

"Right now we have not received any data compromising reports. We are also working with members of the media to research and investigate their reports."