The security on this is actually a lot better than most cameras--all the traffic... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

a2tech on Feb 22, 2018 | parent | context | favorite | on: When baby monitors fail to be smart

The security on this is actually a lot better than most cameras--all the traffic is SSL using trusted client certs. To get into the traffic they had to tear the device apart and extract the cert. After that they could MITM the traffic between the camera and the remote server and observe some bad security. Unfortunately they also published the extracted certificate on their blog which is not cool.

matthberg on Feb 22, 2018 [–]

They unfortunately did not have to tear the device apart and extract the cert, they state that each device uses the same one, valid until 2038, which was exposed in a previous exploit (and was likely previously available online as a result). Though it was definitely a bad idea to post it again on their site.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact