A baby monitor called the iBaby Monitor M6S that allows parents to keep an eye on their children through the use of a video camera and their phone is vulnerable to hacking, researchers from Bitdefender found.
Working with PCMag, researchers discovered vulnerabilities in the device that could allow attackers to access your saved pics or videos, view live video and grab your personal information. The findings highlight the security issues that could come with using a baby monitor, raising concerns about whether companies like iBaby are doing enough to spot these problems before the device is released to parents.
In one instance, hackers could exploit "a secret key and an access ID key" used by the camera on the baby monitor, which iBaby calls a top seller. "The problem is that the two keys don't just give the monitor access to your own cloud data; they let you see everyone's data," PCMag reported. That means hackers could stream video, take screenshots, record video or play music if they obtained the right credentials.
The researchers alerted iBaby of the security issues and gave them 90 days to fix these problems, but the company reportedly never responded. Bitdefender researchers said in a blog post on Wednesday they decided to publish their research "in order to patch or mitigate" the issues they found with the device.
iBaby said in a statement on Feb. 29 that the company hasn't found devices that have been hacked and is taking steps to both strengthen security and fix the problems researchers found. Users should periodically change their passwords and delete any inactive invited users, iBaby said. The company also plans to release an update for software that is embedded in the baby monitor.
Originally published Feb. 26.
Update, March 2: Adds statement from iBaby.