
"But bad actors could've easily spied on all these locations - and a million more - because many of Meari Technology's Wi-Fi baby monitors and security cameras were absurdly insecure. If you had access to one of those cameras, you theoretically had access to them all."
"Meari is a Chinese white-label brand whose cameras ship under hundreds of different names. Many are generic-sounding Amazon sellers like Arenti, Anran, Boifun, and ieGeek. But financial records show one of the company's biggest customers is Wyze; its biggest customer is Zhiyun; and many hackable cameras were from Intelbras. At least one of Petcube's pet-monitoring cameras appears to be a Meari product as well."
"Sammy Azdoufal - the man from France who created a remote-controlled army of DJI Romo robot vacuum cleaners without really trying - tells The Verge he found 1.1 million remotely accessible Meari cameras almost the same way. Just by inspecting the Android app, Azdoufal says he was able to extract a single key that gave him access to devices across 118 countries."
"Every one of those million devices was broadcasting its information to anyone who knew how to listen. Or anyone who knew how to guess the company's passwords, many of which were still set to default. One of those passwords was the word "admin." Another was the word "public.""
Images of babies and children illustrate how insecure Wi‑Fi monitors and security cameras can expose private spaces. Many devices used by families were made by a Chinese white‑label manufacturer that ships the same cameras under many different brand names. Financial records link the manufacturer to major customers and show that multiple brands may share the same underlying products. A researcher found about 1.1 million remotely accessible cameras by inspecting an Android app and extracting a key that enabled access across many countries. Devices broadcast data to anyone who could listen or guess passwords, including common defaults like “admin” and “public.” Using an MQTT data stream, the researcher mapped activity and viewed sensitive information including email addresses, rough locations, and large volumes of photos.
Read at The Verge