Bitdefender security researchers have identified several vulnerabilities in the Nooie Baby Monitor that could let attackers access the camera feed or execute malicious code.
Baby monitors integrated into the IoT concept are extremely useful. Not too long ago, baby monitors were relegated to radio transmissions, but now parents can connect IoT cameras to smartphones or other devices. Unfortunately, this comes with security issues and challenges that are not always easy to overcome.
Out of all security problems a camera might face, allowing third parties to access the live feed of a camera watching a baby is the stuff of nightmares. That’s why it’s essential to find and fix these problems as soon as possible.
Four vulnerabilities have been identified in the Nooie Baby Monitor, in two different firmware and model versions, including an unauthenticated MQTT information leak, unauthorized access to the RTSPS stream, a stack-based buffer overflow leading to remote code execution, and missing AWS bucket access control. Accessing the live feed is obviously the most troubling issue.
“During normal use, when the user requests access to the camera’s audio-video feed, the device will receive a destination where the feed would be uploaded,” explained Bitdefender’s security researchers. “An attacker can connect to the MQTT server without authentication and send this command to arbitrary cameras, specifying a malicious server,” they added. “The devices will then begin to upload their feed to an attacker-controlled server, allowing the attacker to view the live feed.”
The problem doesn’t stop here. It’s also possible to determine the AWS credentials for a specific camera and use them to access the camera uploads and the entire bucket. An attacker can forge a request, get the credentials for a particular camera, then use them to access recordings from all the cameras.
The Nooie Cam app has 50,000-100,000 installs on the Google Play Store, but the number of installs on the Apple Store is not public. Bitdefender reached out to the manufacturers, but they have yet to deploy fixes.
Check out Bitdefender’s Labs report for possible mitigations and a complete analysis of the vulnerabilities.