Serious RCE Vulnerabilities Found In Motorola Halo+ Baby Monitor

A researcher found critical security vulnerabilities in the Motorola Halo+ baby monitor. Exploiting this flaw could allow an adversary to access sensitive information and execute arbitrary commands. Thankfully, the vendors patched the bug before possible exploits.

Motorola Halo+ Baby Monitor Vulnerabilities

Security researcher Randy Westergren has elaborated his findings of security vulnerabilities in Motorola Halo+ baby monitor.

Motorola Halo+ is a dedicated baby monitor comprising a handheld display device, a camera, and a mobile app ‘Hubble Connected’.

Specifically, the researcher found the issues while examining the baby monitor as an expecting parent. Reverse engineering the app let the researcher notice the underlying problems.

At first, Westergren observed the API requests connecting to Hubble’s cloud platform. Intercepting these HTTP requests could allow accessing the information. In fact, exploiting further would even allow shell access to the device.

But, the most critical vulnerability affected the MQTT implementation. Describing the matter, the researcher stated in his post,

I opened up MQTT Explorer and configured the connection with the certs from the device. I connected successfully and immediately started seeing messages from an increasing amount of other devices in the Hubble fleet. I realized shortly after connecting that the client was configured to subscribe to # and $SYS/# by default. It seemed pretty obvious that this meant either credentials were shared amongst all Hubble devices, or access control between devices was not enforced within MQTT.

Westergren speculated that such exploitation could let an adversary take control of the entire device fleet.

Patch Deployed

Following this discovery, the researcher reached out to Lenovo officials – the parent company behind Motorola Mobility.

Consequently, the vendors deployed the patches for the two vulnerabilities, CVE-2021-3577 (the RCE flaw) and CVE-2021-3787 (MQTT issue) with firmware versions 03.50.06 and 03.50.14. Specifically, these patches arrive from Binatone – Lenovo’s licensee for the product.

Since the patches are available, users must ensure keeping their baby monitors updated to avoid potential security risks.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients