In response to SEC-Consult research on the FREDI baby monitor from China-based Shenzhen Gwelltimes Technology Co., Ltd. (a device with a rich set of cloud services controlled by an app, and offered by Amazon), which a South Carolina mother reported had been used for eavesdropping, Corero Network Security offered the comment below.
Sean Newman, Director Product Management at Corero Network Security:
“After lessons learned from the Mirai IoT DDoS botnet over 20 months ago, you might have thought that more IoT device manufacturers would have started to make improvements to the security of their devices by now. However, the latest reports of cloud-connected, video-enabled baby monitors being compromised show that this just isn’t the case. Like the devices exploited by that original Mirai botnet, these IoT devices are being exposed due to weak security, with the same fixed default administrator username-password pair applied to every model shipped from the factory. Not only does that leave these devices easily exploitable for various nefarious purposes, including DDoS attacks, as with Mirai; this case also brings with it serious privacy concerns for the users of these devices.”