Catalin Cimpanu reports:
Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control over the user’s equipment and its video stream.
In the last nine months, two security firms have published research on the matter.
[…]
The privacy implications are enormous
All these rebranded devices use the same Gwelltimes cloud service and Gwelltimes app (named Yoosee) to let customers manage devices. The Yoosee app has over 1 million installs through the Google Play Store alone, meaning that millions of video streams can be easily accessible through this service.
“Obviously, the device and the cloud service is not GDPR compliant,” SEC Consult said. “Here we have a Chinese company that is never mentioned anywhere, developing insecure products and sending our most private information home to their Chinese servers.”
Read more on BleepingComputer.