This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
On Tuesday, Randy Westergren, a cybersecurity expert, published his study on the Motorola Halo+, a popular baby monitor. He revealed two severe flaws in the protocol and remote code execution (RCE) of the Motorola Halo+ that would allow threat actors to hijack the device.
The Motorola Halo+ comprises an over-the-crib monitor, a handheld unit for parents, and a Wi-Fi-connected mobile application to monitor children that works in Full HD.
Westergren, engineering director of US financial services company Marlette Funding discovered the flaws when he and his wife were hunting for a suitable monitor for their first child and selected the Motorola Halo+ as their preferred option.
After securing the device, Westergren started examining its listening services and discovered a pre-authentication RCE security flaw (CVE-2021-3577) and the tools to obtain a full root shell. Examining system logs made it possible to identify the app’s API requests that gather information regarding its usage.
The researcher also analyzed HTTP-based communication and how the app’s local API operated. Westergren was able to use local API commands to identify GET and SET lists, as well as “value” paramete
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Severe Remote Code Execution Flaws Discovered in Motorola Halo+ Baby Monitors