A popular video baby monitor has several serious security flaws that could let attackers view footage of your kids, steal your personal information and even take control of your baby monitor. But it’s not clear if the manufacturer will fix the vulnerabilities.
Researchers at Bitdefender took a look at the iBaby Monitor M6S at the request of PC Magazine and found that while the device used strong encryption standards, the encryption itself was very poorly implemented, with potentially disastrous results.
If you have the iBaby Monitor M6S, you may want to consider not using it until iBaby Labs fixes these issues. Three other iBaby video-monitor models are very similar to the M6S, and it’s possible that those models have the same flaws too.
The Bitdefender researchers found that some crucial encryption keys were based on device IDs and could be easily deduced. A network ID used to log into the cloud server was transmitted insecurely and could be intercepted, making it fairly simple for a stranger to get access to videos of babies uploaded to the device maker’s cloud servers.
Other IDs generated from the device ID could be used to upload alerts from the baby monitor to the cloud server, but could also be used to browse alert footage from strangers’ cameras.
Commands could be sent to the cloud server to return the device user’s name, gender, birth date and email address, revealing vital personal information to the attacker.
And the baby-monitor setup process briefly caused the home Wi-Fi network’s access password to be transmitted in the clear, meaning that anyone snooping within reception range could grab that password.
Who’s monitoring the monitors?
Bitdefender said it tried to contact the baby monitor’s maker, iBaby Labs, twice in May 2019 to notify the company of the flaws. As of yesterday (Feb. 25), Bitdefender said it had received no replies.
We’ve reached out to iBaby Labs as well and will update this story when we receive a response.
Bitdefender looked specifically at the M6S model, but three other models seem to be nearly identical to the M6S. The iBaby Monitor M6T, one of our top choices, offers 720p video resolution instead of the M6S’ 1080p video.
Both of those older models have been deprecated in favor of two new models. The iBaby Monitor M7 adds a projection of the moon and stars onto the ceiling of a baby’s room, and the iBaby Monitor M7 Lite moves the device’s speaker to the top of the unit. Otherwise, they are both very similar to the M6S.