"Misconfigured Baby Monitors Allow Unauthorized Viewing"
Security researchers have discovered a vulnerability affecting multiple baby monitors that could allow an adversary to drop in and view a camera’s video stream. Potentially hundreds of thousands of live devices are impacted, the researchers stated. The issue exists in the manufacturers’ implementation of the Real-Time Streaming Protocol (RTSP), a set of procedures used by various cameras to control their streaming media. According to the researchers, the implementation can be misconfigured so that unknown parties can connect without authenticating. The specific models the team tested and found to be vulnerable include the Hipcam RealServer/V1.0, the webcamXP 5, and the Boa/0.94.14rc21. The researchers stated that if a baby monitor or any other RTSP camera does not require a password each time a party connects to the video stream, the images shown on that stream are potentially unsecured and therefore accessible to anyone. The researchers were able to identify unsecured devices either through their ‘server header’ or through the onscreen overlay that details the particular brand.
Threatpost reports: "Misconfigured Baby Monitors Allow Unauthorized Viewing"