Date: 2024-09-02
As the name of the channel implies, [BuyItFixIt] likes to pick up cheap gadgets that are listed as broken and try to repair them. It’s a pastime we imagine many Hackaday readers can appreciate, because even if you can’t get a particular device working, you’re sure to at least learn something useful along the way.
But after recently tackling a VTech video baby monitor from eBay, [BuyItFixIt] manages to do both. He starts by opening up the device and going through some general electronics troubleshooting steps. The basics are very much worth following along with if you’ve ever wondered how to approach a repair when you don’t know what the problem is. He checks voltages, makes sure various components are in spec, determines if the chips are talking to each other with the oscilloscope, and even pulls out the thermal camera to see if anything is heating up. But nothing seems out of the ordinary.
While poking around with the oscilloscope, however, he did notice what looked like the output of a serial debug port. Sure enough, when connected to a USB serial adapter, the camera’s embedded Linux operating system started dumping status messages into the terminal. But before it got too far along in the boot process, it crashed with a file I/O error — which explains why the hardware all seemed to check out fine.
Now that [BuyItFixIt] knew it was a software issue, he started using the tools built into the camera’s bootloader to explore the contents of the device’s flash chip. He uncovered the usual embedded Linux directories, but when he peeked into one of the partitions labeled Vtech_data2, he got a bit of a shock: the device seemed to be holding dozens of videos. This is particularly surprising considering the camera is designed to stream video to the parent unit, and the fact that it could record video internally was never mentioned in the documentation.
While copying the chip’s contents over serial would have been possible, [BuyItFixIt] instead pulled it out and physically dumped the whole thing with a reader. With a bit of Linux-fu, he’s able to mount the chip dump and confirm that the videos in question are of the previous owner’s infant. Yikes. Of course, he promptly deleted the files once he realized what the camera had stored, but it makes us wonder how many cameras like these are holding private video files waiting for a bad actor to uncover them. This is an important reminder of the inherent dangers of tossing away “broken” smart devices.
As for the repair itself, [BuyItFixIt] reasoned that some file — maybe the database of videos — must have been corrupted on the chip, so he took the nuclear option and wiped it all out. He had to use the bootloader commands to recreate the partition table, but once that was done, the firmware seemed to understand that it had been returned to a factory state and was finally able to boot up normally. He’s documented the commands he used to get it back up and running in the hopes he can help out somebody else with a similarly ailing camera.
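For anyone about to sell or bin a similar device, a raw flash dump can be checked for leftover recordings before and after a wipe. The sketch below is an added example, not something from the video or from [BuyItFixIt]; the page doesn't say which video format the camera used, so it assumes common MP4/MOV and AVI container headers, and the sample image is constructed.

```python
import struct

def find_video_signatures(dump: bytes):
    """Return sorted (offset, kind) pairs for plausible video container headers."""
    hits = []
    # MP4/MOV: 4-byte big-endian box size, b"ftyp", then a 4-byte brand.
    pos = dump.find(b"ftyp")
    while pos != -1:
        start = pos - 4
        if start >= 0 and pos + 8 <= len(dump):
            (size,) = struct.unpack(">I", dump[start:pos])
            brand = dump[pos + 4:pos + 8]
            # Real ftyp boxes are small, sized in multiples of 4, with a
            # printable brand; this rejects stray "ftyp" strings in logs.
            if 16 <= size <= 256 and size % 4 == 0 and all(32 <= b < 127 for b in brand):
                hits.append((start, "mp4/mov"))
        pos = dump.find(b"ftyp", pos + 1)
    # AVI: b"RIFF", 4-byte little-endian length, then the form type b"AVI ".
    pos = dump.find(b"RIFF")
    while pos != -1:
        if dump[pos + 8:pos + 12] == b"AVI ":
            hits.append((pos, "avi"))
        pos = dump.find(b"RIFF", pos + 1)
    return sorted(hits)

def build_sample_dump() -> bytes:
    """Constructed test image: erased flash (0xFF) with two headers and a decoy."""
    erased = b"\xff" * 4096
    mp4 = struct.pack(">I", 24) + b"ftypisom" + b"\x00\x00\x02\x00" + b"isommp41"
    decoy = b"log: ftyp not found"  # plain text that must not be reported
    avi = b"RIFF" + struct.pack("<I", 1024) + b"AVI LIST"
    return erased + mp4 + erased + decoy + avi + erased

if __name__ == "__main__":
    for offset, kind in find_video_signatures(build_sample_dump()):
        print(f"0x{offset:08x}  {kind}")
```

An empty result is not proof that nothing remains: a compressed or encrypted filesystem, or a format outside these two, would not show up in a signature scan.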
We can never get enough of this sort of firmware hacking, and the fact that this particular bout opened up with a great real-world example of hardware diagnosis makes it all the better. This is a long video, but one that’s well worth your time to check out. If you’d like to see more repairs from [BuyItFixIt], we’ve got you covered.
5 thoughts on “Video Baby Monitor Repair Uncovers Private Data”
The only part that should be shocking about this is that it left behind evidence of its wrongdoings. Who knows what and when things like this upload to where.
@Duh said: “Who knows what and when things like this upload to where.”
It continuously uploads what it stole from you directly to Pooh Bear in the Chinese Communist Party.
Good point. No imminent need to panic, thus.
Back in the late 20th century, babyphones did operate on 27 MHz and could be heard by the whole neighborhood.
Back in the 70s and 80s, about everyone had a CB station, even in the car, which makes it even more relevant.
But even if they hadn’t, CB to medium wave converters had been around.
So people could listen to the 11m band and babyphones on the car radio.
They couldn’t send, but receive. That was useful for certain things. CBers could listen to their friends’ weekly rounds on CB or could hear their girlfriend calling them home. Things like this.
But that was another time, maybe. People were more relaxed, more open. Less soap opera.
Back then, children used to walk to school all alone or with friends (better), explored the neighborhood with bicycles and so on.
At least here in my country. Not sure how it is in other countries.
This isn’t surprising. Having a short cache to handle brief intermittent outages is a feature more than a bug.
What is surprising is that the device didn’t have a “factory reset” button that blew away all saved data. It’s also surprising that their legal department let them leave it turned on without documenting it. This is the kind of thing that can get you sued if you don’t either document it or leave it “off by default.”
Very interesting!
Engaging in malicious activity requires much more intelligence than an activity carried out with negligence, laziness or stupidity. Fortunately intelligence is a less widespread quality than negligence, laziness or stupidity among humans. And that intelligence also requires more financial means (except of course for the commercial or legal consequences that negligence, laziness or stupidity sometimes entails).
Since this device does not have an internet connection to call home, nor a GPS to locate the user, it would seem that the second hypothesis is the correct one.
That said, I remember someone saying: “only the paranoid will survive”. In addition, being paranoid from time to time allows you to feel like an important person ;)
