Dark Web Hackers Exploit Babies
Ohhh Baby! Nooie baby monitors not only monitor babies anymore. They are also laden with many vulnerabilities caused by the Zero-day bug. According to cyber researchers, they have located several bugs in the Nooie baby monitors. In their report, it was noted that one such bug found to be exploiting the device is the Zero-day bug. With the infiltration of this bug, dark web hackers have access to feeds and can even use the device to execute malicious codes.
And while the cyber security analysts have made available their findings, the manufacturer of the baby device has yet to address the severe problem. The severity of the Zero-day bugs is documented in the article titled – Nooie Baby Monitor Bugs – posted by Bitdefender researchers.
Unpatched Zero-day Bugs
Reportedly, the bugs were discovered in 2020 in the Nooie baby monitors. Specifically, the Bitdefender research analysts revealed four different vulnerabilities in the Nooie Cam. However, despite the flaws reported to the makers of the device, the vulnerabilities remain unpatched.
Thus, with the exploit capability that targets the baby monitors, the researchers have made their findings of the Zero-day bug public. The flaws can allow dark web hackers to gain access to the user ID of the baby monitor. The researchers even warned users of the affected product to exercise vigilance.
Dark Web Hackers Link
Regarding the unpatched vulnerabilities, the bugs allow communication between the MQTT server and the baby monitor without any form of authentication. Therefore, it allows criminal dark web hackers to subscribe to the device via the/device/init topic and gain access to the private details of the gadget.
Now, the danger lies in the connection to the MQTT server that doesn’t have authentication. With the new access, a hacker can easily access live feeds of the infiltrated cameras. Furthermore, the researchers stated the camera’s topic /device//cmd, can then be used to publish messages through the UUID parameter. In addition, the JSON format could best accommodate a virus payload, but it must be associated with the CMD and URL parameters.
Monitors Execute Malicious Malware
Next in line, the third vulnerability allows code execution through a stack-based buffer overflow. With all four vulnerabilities stacked together, the hacker now has easy access to the targeted device AWS credentials with its private user IDs.
According to the researchers, the camera /rest/v2/device/get_awstoken endpoint connects to eu.nooie.com. From the site, the AWS credentials that store private recordings can be stolen from its cloud storage. Thus, creating the prerequisites for the hacked IDs on the MQTT server (UUID and UID).
With all the found vulnerabilities, explicit access is granted to stored recordings, and serve as an entry point for hackers to reset the AWS bucket.
No Patch Available for Zero-day Bug
The researchers in their blog report tested two devices – PC100A (Nooie Cam 360) (v1.3.88), and IPC007A-1080P (Nooie Cam Indoor 1080p) (v2.1.94).
Accordingly, since the vendors of the baby monitor have not rectified the reported bugs, since 2020, consumers are being warned to unplug or isolate the baby monitors. As a precautionary measure, users should restrict SSID access to all IoT devices. Also, they are advised to access the latest firmware updates to know when patches for the Zero-bug vulnerabilities become available.