Mi-Cam Remote Video Monitoring System
Researchers with SEC Consult discovered several vulnerabilities in Mi-Cam, a generic Wi-Fi monitoring system produced by the Chinese-based manufacturer, miSafes. The Mi-Cam is marketed for use indoors to monitor babies and pets and allows users to remotely access its live video feed via Android or iOS mobile applications. A total of six vulnerabilities were detected including weak default credentials, enumeration of user accounts, and outdated and vulnerable software. If successfully exploited, a threat actor with knowledge of these flaws could hijack live video feeds using a copy of the associated mobile application and an intercepting proxy server. Mi-Cam Android application v1.2.0, iOS application v1.0.5, and the Mi-Cam firmware v1.0.38 are also affected. More information about these vulnerabilities is available via Bleeping Computer. The NJCCIC recommends users and administrators of Mi-Cam video monitoring systems consider discontinuing the use of these devices unless and until a patch or workaround becomes available.