Do you have a Mi-Cam in your home? Even if you don’t have kids, you may have one. They’re a highly popular, inexpensive means of keeping tabs on the comings and goings inside your home when you’re not around.
As with so many such devices these days, users have the option of installing either an Android or iOS app on their phones so they can peek in remotely, any time they like, and therein lies the problem.
It’s no secret that the IoT is filled with “smart” devices that don’t live up to their name when it comes to security, and the Mi-Cam is no exception. Security researchers have discovered that the communications between the company’s cloud servers where the video feeds live and the smartphones of the product’s user based are not secure.
So far, six different vulnerabilities have been identified, all of them critical. Any one of them would allow a hacker to hijack the window into your video feed and use that to scroll through literally every video feed on the company’s cloud, regardless of who owns it. All told, that’s more than fifty thousand video feeds, accessible from a single point of entry.
It gets worse. The attack is trivial to perform, because no SSL certificate is needed. All that’s required is a copy of either the Android or iOS mobile app.
The manufacturer of the Mi-Cam has been notified of these critical security flaws, but as of now, none have been addressed. The company has not released any information about when they might be. In light of that, if you have one, your best bet is to simply stop using it until the company can at least employ some rudimentary security protocols.