NurseryCam breached through dangerous vulnerability

Edward Kost
Edward Kost
February 22, 2021

A dangerous vulnerability in a nursery monitoring system gave cyber criminals an opportunity to seamlessly access any live camera feed in any location.

NurseryCam allows parents to remotely log into the nursery minding their child to check up on them. NurseryCam services about 40 nurseries across the UK for children aged between 5 months and 6 years.

Internet of Things security prober Andrew Tierney (Cybergibbons) documented the vulnerabilities exposing NurseryCam’s sensitive data.

Tierney noted that the firewalls surrounding NurseryCams could be easily bypassed through a process known as ‘port forwarding’, allowing access to the Digital Video Recorder (DVR) installed in the targeted nursery.

nurserycam vulnerabilities
Port forwarding allows threat actors to bypass NurseryCam’s firewalls - Source:

Whenever a parent logs into NurseryCam’s web portal or mobile application, a connection is autonomously established to their associated DVR. The credentials for such a connection are the same for all NurseryCam users:

Username: admin

Password:  admin888

This means anyone could directly log into any DVR and access its footage just by knowing its IP address and login credentials.

Weak and openly publicised login credentials allows anyone to access NurseryCam footage - Source:

These login credentials wouldn’t be hard to find either, NurseryCam has included them in a public instruction manual on their website.

Tierney reported these gaping vulnerabilities to NurseryCam on 6th February, and then later tweeted them on 12th February. A parent contacted Tierney telling him that they had informed NurseryCam of the same vulnerabilities 6 years ago.

The concerned parent realized that any NurseryCam could be accessed with just a few simple URL edits.

NurseryCam repeatedly diluted these accusations claiming that their security framework is even safer than “online banking.”

But an unknown hacker has finally forced NurseryCam to admit its shortcomings by breaching their sensitive data. The hacker accessed parent viewing accounts, acquiring email addresses, passwords, usernames, and names.

The hacker wasn't a threat, the motivation behind the cyber attack was to force NurseryCam to raise their security standards.

Dr. Melissa Kao, Director of Footfallcam - the firm behind NurseryCam, advised BBC that the exposed vulnerabilities in this breach are different to the ones highlighted by Tierney.

Thankfully, the NurseryCam hacker had noble intentions. Most hackers don't.

In 2018 a threat actor assumed control of a WiFi baby monitoring system to broadcast kidnapping threats. The mortified parents rushed to the 4-month-old’s room, finding him peacefully asleep to the sinister voice spouting from the monitor speakers.

NurseryCam didn’t secure their vulnerabilities for 6 years. It took multiple tweets and an actual data breach to finally convince them to significantly strengthen their security posture. 

Such complacency is, unfortunately, common among vendors, placing businesses at a heightened risk of third-party attacks

In the absence of certainty, organizations need to take ownership of their vendor security with third-party attack surfacing monitoring solutions. Otherwise, it may take a data breach to finally convince vendors to evaluate their security efforts.

How secure is NurseryCam?

NurseryCam specialises in CCTV, parental webcam and website designs for day nursery sector in UK.
  • Check icon
    View our free preliminary report on NurseryCam’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating