This week’s Smart World Problems roundup features a report that tackles the vulnerabilities of baby monitors, how to prevent hackers from driving your car, and how the connected world is damaging your eyes.

Rapid7 report reveals vulnerability in baby monitors

IT security and analytics company Rapid7 released a report that reveals how some baby monitor brands are still vulnerable to attacks.

The company tested seven baby monitors made by six different companies which included the Philips In.Sight B120 baby monitor, iBaby M6 and iBaby M3S, Summer Infant’s Summer Baby Zoom, Lens Peek-a-View, Gynoii, and the Trendnet WiFi Baby Cam TV-IP743SIC.

The report revealed that several popular baby monitors and their related services have security loopholes, namely hardcoded login credentials that can easily be found on the internet or hacked. Starting with the iBaby M6’s website, ibabycloud.com was discovered to have a vulnerability that allowed authenticated users to view camera details of other users. The iBaby M3s uses hardcoded credentials that are accessible from a telnet login prompt and UART interface to grant access to the underlying operation system, while the Philips In.Sight B120/37 also uses hardcoded credentials and statically generated credentials which grants access to both local web server and operating system.

Summer Infant has an authentication bypass vulnerability that allows addition of accounts to any camera without authentication; Lens Laboratories uses hardcoded credentials that are accessible from a UART interface which grants access to the underlying OS and via the local web service, gives local app access via the web UI. Gynoii ships with hardcoded credentials that are accessible via the local web service that gives local app access via the web UI, and TRENDnet also uses hardcoded credentials that are accessible via a UART interface that gives local, root-level operating system access.

The degree of severity regarding how the hacks affect users of the said monitors was not determined but, it’s safe to say that parents should be cautious of connected baby monitors and may want to consider radio or closed network monitors as an alternative.

Fortunately many baby monitor manufacturers are taking action to close security loopholes. Summer Infant stated that it is reviewing Rapid7’s report and will work on tougher security measures, while Gynoii stated their desire to work with Rapid7 to fix the issues with their monitors. Trendnet stated that a physical access was needed to exploit the security bug of its monitor, but it has a patch and software update in the works and will be available soon.

How to prevent hackers from driving your car

The threat of hackers controlling your vehicle is real, as evidenced by a Jeep which was hacked while it was moving, and most recently with a laser pointer that was used to distract a self-driving car’s LIDAR navigation system. As car manufacturers continue their push to connect all future vehicles, you can’t help but wonder if drivers and passengers will ever be safe again.

Security firm TrendMicro, Inc. has a few tips to those who are looking to purchase a new vehicle. The firm recommends the following:

• Carefully selecting which car and maker seems to be taking car hacking very seriously.
• Quiz the dealers about the systems and how truly online-capable the car is.
• Ask how often the manufacturer updates the firmware, and how they deploy the update.

By following the above tips, you are taking a proactive approach in protecting yourself from hackers and not just relying on what security measures car manufacturers put in place. Some of the most vulnerable vehicles include the 2014 Jeep Cherokee, 2015 Cadillac Escalade, 2014 Toyota Prius, 2014 Ford Fusion, to name a few, and because of these known vulnerabilities, the Alliance of Automobile Manufacturers is working with security firms and universities to help them address vulnerabilities in connected vehicles.

How the connected world is damaging your eyes

The Internet of Things simplifies daily tasks by allowing users to control and monitor their homes, cars, and even health trackers right on their smartphones, which means people are spending more time staring at smartphone screens. The problem with this is that it is damaging the eyes.

According to Dr. Atul Gupta, Consultant Refractive surgeon, Asst. Professor of Ophthalmology, prolonged smartphone use can cause headaches, eye strain, blurred vision, and dry eyes, symptoms that can be further aggravated if there is already an existing visual impairment.

According to Dr Padmashree Keiki Mehta, one of India’s leading Ophthalmic surgeons and director of Mehta International eye institute and Colaba eye hospital, the bluish or violet light used in mobile devices is the “highest energy wavelength of visible light. This energy is capable of penetrating all the way to the back of the eye, through the eyes’ natural filters, possibly leading to cataracts and other eye diseases such as retinal damage.”

To prevent damaging the eyes, the doctors recommend:

• Not staring at your smartphone for long periods
• Do not ignore eye strain
• Keep phone at least four to five feet away from the bed while sleeping
• Blink more often to prevent eyes from drying
• Increase contrast on your phone such as using white background with black letter to decrease eye strain
• Increase the font size to prevent or decrease straining on eyes

photo credit: justinsomnia via photopin cc