Smart Baby Monitors Have Serious Security Flaw, Expert Warns

Smart baby monitors, designed to offer peace of mind to parents, may pose a significant security risk due to vulnerabilities discovered by a French cybersecurity expert. Sammy Azdoufal found flaws in the software and cloud infrastructure of popular smart baby monitors, potentially allowing unauthorized access to live video feeds of children.

The expert's investigation, prompted by a friend's request, revealed that some devices lack basic password protection. By generating a list of server links, Azdoufal gained access to images of children stored on the manufacturer's servers without adequate security. He was even able to approximate the location where these images were captured. The issue potentially affects an estimated 1.1 million cameras and video doorbells connected to the internet in at least 118 countries.

These vulnerabilities are linked to hardware, software, and network infrastructure provided by the Chinese company Meari, which are then rebranded and sold by various companies. One such brand, Arenti, has cameras available in Poland through retailers like Media Expert. Identifying whether a baby monitor uses Meari technology can be challenging, as it's not apparent from packaging or the device itself. Business Insider reports that confirmation comes from checking if the smartphone application communicates with servers ending in 'meari.com.cn'.

Azdoufal reported his findings to Meari, but the company reportedly took the issue more seriously only after he demonstrated that employee data had also been leaked. While Meari has since addressed the main system errors and awarded Azdoufal a €24,000 prize, the expert cautions that the problem is not entirely solved. The potential for unauthorized access to sensitive footage of children remains a concern for parents relying on these connected devices.

“

Such certainty is only given by checking if the smartphone application communicates with servers with an address ending in meari.com.cn.