I used to work at a startup that built products for parents of infants and toddlers, such as "smart socks" to monitor babies' vitals, and was involved in the late-stage development of their smart baby monitor camera, which released last year. (A quick web search of certain terms above should give you a good guess as to which company I'm talking about.)
They—and dozens of other companies—use off-the-shelf commodity components from the Chinese corporation Aoni, and their camera is essentially the device linked below, but in a different case: http://anc.cn/ip-camera/smart-wireless-cube-camera/smart-wir...
Check the specs, as well as the general appearance of the thing from the front.
While inspecting the traffic coming in and out of this thing, I saw it making a ton of requests to really weird Chinese IP addresses and uploading a lot of data. It was encrypted, so I couldn't tell for sure what it was, but it presumably was video footage. I raised these concerns to others on my team, but besides a "huh, weird", none of them seemed to care enough to investigate further or properly escalate it. I was just a temp, so I didn't have the pull or influence that full-time employees had.
It was really concerning to me that this stuff wasn't properly addressed, but instead was swept under the rug, despite the fact that it's going to be pointed at babies and toddlers. There are some real disgusting folks out there who will take advantage of this, if they haven't already, especially since it has the same two-way audio that "Santa" used with the Ring cameras.
(If any of my former co-workers are reading this, I genuinely don't mean you any ill will in particular. But the company really needs to fix those issues, and not simply re-case commodity camera systems from surveillance states. There's obviously a backdoor, and if Aoni/China can access it, so can the aforementioned disgusting people.)
Yeah, this is pretty much my understanding from reading Reddit threads and tutorials for running custom firmware. Even if you disable whatever 'cloud' option your hardware ships with and run off, say, an SD card, your data is still being dumped somewhere in China if you allow your device to talk outside of your LAN.
It's a pretty sad state of affairs when there are no real viable options for consumers if you care about security.