Take, for example, the Mi-Cam device that has approximately 50,000 users. "Information retrieved by this feature is sufficient to view and interact with all connected video baby monitors for the supplied [user ID]." SEC researchers tore also apart the Mi-Cam device to extract its firmware, the core software of the technology, from which they were able to find default root passwords to watch video feeds on the baby monitor. The researchers said they'd tried to contact the vendor of the Mi-Cam device since December 2017, but had no luck. A spokesperson from Qiwo said the company will contact SEC for details and fix the bugs as soon as possible.

Source: Forbes February 21, 2018 12:07 UTC