Arenti, ieGeek, Boifun and Meari Technology: When "Secure" Cameras Become Peep Shows: 1M+ Baby Monitors Left Families Exposed

Arenti, ieGeek, Boifun and Meari Technology: When "Secure" Cameras Become Peep Shows: 1M+ Baby Monitors Left Families Exposed

1.1 Million Baby Monitors Exposed in Global Security Flaw, Leaving Families Vulnerable

A critical security flaw in over 1.1 million baby monitors and security cameras sold under brands like Arenti, Boifun, and ieGeek left families worldwide exposed for months, allowing unauthorized access to live feeds with minimal effort. Discovered by French cybersecurity researcher Sammy Azdoufal, the vulnerability stemmed from a single extracted key that bypassed authentication entirely, enabling anyone to view private footage simply by clicking a link.

The affected devices, manufactured by Chinese company Meari Technology, were distributed across 118 countries, including the U.S. and Europe. Azdoufal demonstrated the flaw to The Verge, revealing how easily he accessed intimate scenes children’s bedrooms, unguarded moments, and personal spaces without passwords or hacking. The issue highlighted systemic risks in cheap, cloud-connected IoT devices, where security is often an afterthought.

The incident underscores broader concerns about consumer IoT regulations and the dangers of white-label hardware with lax safeguards. Azdoufal discussed the findings in detail on the Cybercrime Magazine Podcast, emphasizing the need for stricter oversight in the industry. No official response from Meari Technology has been reported as of the discovery’s public disclosure.

Source: https://cybersecurityventures.com/when-secure-cameras-become-peep-shows-1m-baby-monitors-left-families-exposed/

Arenti TPRM report: https://www.rankiteo.com/company/meari-technology

ieGeek TPRM report: https://www.rankiteo.com/company/iegeek

Boifun TPRM report: https://www.rankiteo.com/company/the-verge

Meari Technology TPRM report: https://www.rankiteo.com/company/meari-technology

"id": "themeaieg1783607332",
"linkid": "the-verge, meari-technology, iegeek",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '1.1 million devices',
                        'industry': 'IoT, Consumer Electronics',
                        'location': 'China',
                        'name': 'Meari Technology',
                        'type': 'Manufacturer'},
                       {'industry': 'IoT, Consumer Electronics',
                        'name': 'Arenti',
                        'type': 'Brand'},
                       {'industry': 'IoT, Consumer Electronics',
                        'name': 'Boifun',
                        'type': 'Brand'},
                       {'industry': 'IoT, Consumer Electronics',
                        'name': 'ieGeek',
                        'type': 'Brand'}],
 'attack_vector': 'Authentication Bypass',
 'data_breach': {'sensitivity_of_data': 'High (private family moments, '
                                        'children’s bedrooms)',
                 'type_of_data_compromised': 'Live video feeds'},
 'description': 'A critical security flaw in over 1.1 million baby monitors '
                'and security cameras sold under brands like Arenti, Boifun, '
                'and ieGeek left families worldwide exposed for months, '
                'allowing unauthorized access to live feeds with minimal '
                'effort. The vulnerability stemmed from a single extracted key '
                'that bypassed authentication entirely, enabling anyone to '
                'view private footage simply by clicking a link.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Live video feeds of private spaces, including '
                                'children’s bedrooms',
            'systems_affected': '1.1 million baby monitors and security '
                                'cameras'},
 'lessons_learned': 'Systemic risks in cheap, cloud-connected IoT devices '
                    'where security is often an afterthought. Highlights the '
                    'need for stricter oversight in the industry and better '
                    'safeguards for white-label hardware.',
 'post_incident_analysis': {'root_causes': 'Single extracted key bypassing '
                                           'authentication, lax security in '
                                           'white-label IoT devices'},
 'recommendations': 'Stricter IoT regulations, improved authentication '
                    'mechanisms, and enhanced security standards for consumer '
                    'electronics manufacturers.',
 'references': [{'source': 'The Verge'},
                {'source': 'Cybercrime Magazine Podcast'}],
 'title': '1.1 Million Baby Monitors Exposed in Global Security Flaw, Leaving '
          'Families Vulnerable',
 'type': 'Unauthorized Access',
 'vulnerability_exploited': 'Single extracted key bypassing authentication'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.