Updated A parental webcam targeted at nursery schools was so poorly designed that anyone who downloaded its mobile app gained access to admin credentials, bypassing intended authentication, according to security pros – with one dad saying its creators brushed off his complaints about insecurities six years ago.
Anyone could have logged into Nurserycam's DVRs thanks to poor design choices – and a decision to "authenticate" logins by passing the device's admin username and password to parents, claimed a reverse engineer who looked into the matter.
Melissa Kao, a director of Footfallcam Ltd, the firm behind Nurserycam, insisted to The Register that what infosec researchers had found was "legacy non-functional codes" [sic] that were "there to distract hackers".
Footfallcam Ltd was recently seen on The Register after it threatened an infosec researcher with a baseless police report nurserycam horror secure daycare video monitoring product beamed admin creds users
