X

iBaby monitor vulnerable to hacking

Hackers could access saved videos and pictures and view live video, Bitdefender researchers found.

Queenie Wong Former Senior Writer
Queenie Wong was a senior writer for CNET News, focusing on social media companies including Facebook's parent company Meta, Twitter and TikTok. Before joining CNET, she worked for The Mercury News in San Jose and the Statesman Journal in Salem, Oregon. A native of Southern California, she took her first journalism class in middle school.
Expertise I've been writing about social media since 2015 but have previously covered politics, crime and education. I also have a degree in studio art. Credentials
  • 2022 Eddie award for consumer analysis
Queenie Wong
2 min read
cybersecurity-hacking-4

Security researchers found problems with a baby monitor its maker calls a top seller.

Graphic by Pixabay/illustration by CNET

A baby monitor called the iBaby Monitor M6S that allows parents to keep an eye on their children through the use of a video camera and their phone is vulnerable to hacking, researchers from Bitdefender found.

Working with PCMag, researchers discovered vulnerabilities in the device that could allow attackers to access your saved pics or videos, view live video and grab your personal information. The findings highlight the security issues that could come with using a baby monitor, raising concerns about whether companies like iBaby are doing enough to spot these problems before the device is released to parents.

In one instance, hackers could exploit "a secret key and an access ID key" used by the camera on the baby monitor, which iBaby calls a top seller. "The problem is that the two keys don't just give the monitor access to your own cloud data; they let you see everyone's data," PCMag reported. That means hackers could stream video, take screenshots, record video or play music if they obtained the right credentials.

The researchers alerted iBaby of the security issues and gave them 90 days to fix these problems, but the company reportedly never responded. Bitdefender researchers said in a blog post on Wednesday they decided to publish their research "in order to patch or mitigate" the issues they found with the device.

iBaby said in a statement on Feb. 29 that the company hasn't found devices that have been hacked and is taking steps to both strengthen security and fix the problems researchers found. Users should periodically change their passwords and delete any inactive invited users, iBaby said. The company also plans to release an update for software that is embedded in the baby monitor.

Watch this: Smart diapers, a state-of-the-art toothbrush, and a robot to bring you a fresh roll of TP

Originally published Feb. 26.
Update, March 2: Adds statement from iBaby.