The SafetyDetectives cybersecurity team has discovered a vulnerability affecting baby monitors, provoked by their misapplication/misconfiguration, which provides potentially harmful parties with unauthorized access to each camera’s video stream.
In mid-December 2020, our cybersecurity team identified numerous baby monitors that are amongst the RTSP devices that do not require authentication for unknown parties to connect.
‘RTSP’ (Real-Time Streaming Protocol) is a set of procedures used by various cameras to control their streaming media. Many baby monitors use RTSP, and it’s important to highlight that other cameras using RTSP (like CCTV cameras) could also be unsecured due to misconfiguration, and unsafe to use for some applications.
Whilst this means that potentially harmful individuals could be able to access private images of your children, their bedrooms, and possessions, this specific vulnerability is also concerning with regards to daycare centers – which are commonly known to stream video from inside kindergarten for onlooking parents and guardians.