Meari Technology’s IoT infrastructure exposes over 1M devices (baby monitors, security cameras) across 118 countries due to systemic architectural flaws enabling unauthorized vendor/third-party access to live/stored feeds. No security boundary exists between backend and user devices.

In brief - A Chinese ODM’s insecure-by-design IoT platform risks global surveillance exposure, with delayed remediation and potential AI training data exploitation. Disclosure process revealed hostile vendor response and partial fixes.

Technically - Flaws include unauthenticated MQTT brokers, hardcoded credentials, misconfigured P2P relays, and unsecured alert image storage. Researcher documented 12 evidence points confirming vendor access. RunZero disclosed 5 high-risk CVEs post-contentious 2-month CVD process. Systemic design choices, not bugs, enable persistent access.

Source: https://www.nattothoughts.com/p/is-this-chinese-company-watching

#Cybersecurity #ThreatIntel