It's Depressingly Easy To Spy On Vulnerable Baby Monitors Using Just A Browser

A host of baby monitors have been found vulnerable to remarkably simple attacks, researchers warned today. And it’s easy to locate a wide range of popular monitors using just a browser and some simple searches or tweaked web addresses for possible bambino surveillance. Minimal technical skill and effort are required.

Researchers from security consultancy Rapid7 found seven devices were susceptible to straightforward attacks, “trivial” to any competent hacker. They included the Philips In.Sight B120/37, the iBaby M3S and M6 models, theSummer Infant Baby Zoom, TrendNet Wi-Fi Baby Cam, the Lens Peek-a-Viewand a Gynoii device.

In some cases, attacks were as simple as guessing or switching out sections of web addresses, or URLs. In the case of the iBaby M6, it was possible to guess the serial number of a device, the camera type and a user ID, add them to the relevant sections of the service’s web login URL, and execute an authentication bypass to access to the device .... http://www.forbes.com