(nattothoughts.com) Insecure-by-Design: How Meari Technology's IoT Infrastructure Exposes Global Surveillance Risks and AI Training Ambitions
-
(nattothoughts.com) Insecure-by-Design: How Meari Technology's IoT Infrastructure Exposes Global Surveillance Risks and AI Training Ambitions
Meari Technology’s IoT infrastructure exposes over 1M devices (baby monitors, security cameras) across 118 countries due to systemic architectural flaws enabling unauthorized vendor/third-party access to live/stored feeds. No security boundary exists between backend and user devices.
In brief - A Chinese ODM’s insecure-by-design IoT platform risks global surveillance exposure, with delayed remediation and potential AI training data exploitation. Disclosure process revealed hostile vendor response and partial fixes.
Technically - Flaws include unauthenticated MQTT brokers, hardcoded credentials, misconfigured P2P relays, and unsecured alert image storage. Researcher documented 12 evidence points confirming vendor access. RunZero disclosed 5 high-risk CVEs post-contentious 2-month CVD process. Systemic design choices, not bugs, enable persistent access.
Source: https://www.nattothoughts.com/p/is-this-chinese-company-watching
-
R relay@relay.infosec.exchange shared this topic
