Security researchers have concluded that a Chinese-made baby monitor sold on Amazon is riddled with vulnerabilities, confirming a mother’s suspicion that her device had been hacked to spy on her infant.
SEC Consult said the FREDI-branded device, which is designed to look like a puppy, is most likely the work of an OEM called Shenzhen Gwelltimes Technology Co., Ltd.
The device has a P2P cloud feature which allows supported smartphone and desktop apps to connect to it via the cloud, making it easy for users to interact with it without needing to be on the same network. There are also no firewall rules, port forwarding rules or DDNS setup, SEC Consult claimed.