Security researchers from Bitdefender discovered flaws in baby monitors manufactured by Chinese-based vendor Victure. The zero-day vulnerabilities can be exploited to allow hackers access to the camera feed and even plant malware. Bitdefender detailed how a vulnerability on a component of Victure’s PC420 smart camera allowed an attacker to execute remote code on the target device. The researcher also believes a threat actor could broadcast camera feeds to unauthorized third parties.
Concerned parents should prioritize security when purchasing a baby monitor. Researchers made several attempts to contact Victure prior to publishing the information, but never received a response. Researchers suggest parents avoid the products altogether if they have security concerns. Parents should be especially cautious about video and audio monitoring devices that allow two-way communication, because there have been cases of attackers abusing access to those devices to speak directly to occupants of the rooms where the cameras are installed. Remote access to cameras should require a strong password and multi-factor authentication to access them, especially if they are installed in a sensitive location.