Reply to post: EXPOSED security vulnerability - Bayit Home Automation webcam Pro HD BH1826/BH1818 model + Temp FIX

We found a hidden backdoor in Chinese Internet of Things devices – researchers

Anonymous Coward

EXPOSED security vulnerability - Bayit Home Automation webcam Pro HD BH1826/BH1818 model + Temp FIX

Check out the video online:

https://youtu.be/Yz-I8Q3rhEU

Consumer Webcam Alert - The reason why Bayit Home Automation, marketer of the IoT Bayit Pro HD BH1826 and BH1818, released a mandatory security vulnerability fix for their popular webcam line on Friday, March 3rd. An affected consumer FIRST brought to their attention on Sunday, February 26, 2017, a major security breach and exposed vulnerability of their very popular Bayit Pro HD 1080p BH1826 model that was a result of a major lapse in security and testing on their part.

The security vulnerability exposes two (2) additional undocumented default login user/password access methods to their webcam over an insecure, internet-facing web port 81 without encryption when setup of the camera is completed using the Bayit iPhone app. This immediately exposed the consumer to the internet, making them vulnerable to invasion of privacy. The lax security of Bayit's software in their BH1826/BH181 camera firmware may have existed since the camera was released to the public as far back as 2015. The affected consumer had owned this Bayit Pro HD BH1826 since Nov. 2015 and had done the right thing to secure the camera, following all of Bayit's instructions for due diligence by ensuring a password was set. The privacy of the personal lives of him and his family of young children was exposed for anyone to see on the internet since Nov. 2015 with no hack required, and was finally caught as a result of the camera being operated remotely by changing pan and tilt positions.

This is a case of the consumer doing the right thing and the IoT vendor Bayit Home Automation recklessly neglecting to reasonably secure and protect their devices as a result of very weak security and testing practices.

This consumer should not have been the person to expose their negligence this late. This should have been caught much earlier, and stricter security standards should have been practiced to secure and protect the privacy of their consumers.
