How to Know If Your Baby Monitor Is a Security Threat to Your Family
Pinterest Whatsapp
Advertisement

Keeping your children safe is one of your ultimate goals in life. It sure is for me. But at the end of a long day, you want to put them to bed and sit down with a nice cold one. If you have an infant, there’s a good chance you also have a baby monitor. Hearing those little movements, those tiny coughs and gurgles let you know the small one is secure.

In the old days, your baby monitor was audio-only, using a radio frequency for its connection. But modern baby monitors are online, networked, available through your smartphone, with videos and other “features.” Is there any need for a network-enabled baby monitor Practical Uses for Your Home Surveillance Cameras Practical Uses for Your Home Surveillance Cameras Home surveillance cameras are getting more popular with each passing year as technology improves and prices drop. Here are some practical uses for home security cameras, some which may surprise you. Read More , or is it more of a threat than you realize?

The Modern Baby Monitor

Sound was the only thing an old baby monitor gave anxious parents. Keeping the monitor close to baby’s crib would provide just enough feedback to calm those fears. But baby monitors are evolving along with the rest of the technological world. A cursory glance at “the best baby monitors of 2018” tells me that the majority of monitors now have:

Others come with cloud storage (why?!), built-in lullabies, temperature monitoring, and more. But you catch my drift: a modern baby monitor is more akin to a small media center with respect to the radio-audio versions of yesteryear.

And that is where the problem arises. Because we connect our baby monitors to the internet and because they are essentially tiny computers, they are susceptible to many of the same issues.

3 Examples of Baby Monitor Vulnerabilities

In the past three years, dating back to 2015, numerous baby monitor products were flagged as vulnerable. Here are three prime vulnerable baby monitor examples.

1. Mi-Cam Spying

The Chinese-manufactured Mi-Cam device has approximately 50,000 users. But in February 2018, Austrian security company, SEC Consult, found a series of vulnerabilities in the devices.

One attacker gained access via a proxy server that simply bypassed the camera’s password. Another vulnerability allowed them to act as a man-in-the-middle, intercepting live video streams between the device and the manufacturer’s cloud server.

Also, the research team tore the device apart to extract the firmware. They found “very weak four-digit default credentials,” according to their research blog.

2. FTC Names Several Insecure Baby Monitors

Back in 2016, the New York Department of Consumer Affairs received multiple reports of baby monitors as hacking targets. The monitors were being used to scream at, menacingly laugh at, or play intimidating and scary noises to infants.

The FTC built on the New York DCAs investigation, looking at five different baby monitors. It found that only one monitor required a secure password, while two had no encryption at all. Three allowed repeated password guesses after an incorrect entry, making them susceptible to a brute force attack.

The FTC findings weren’t a one-off. Security firm Rapid 7 found similar vulnerabilities after testing nine Wi-Fi capable baby monitors. Their research found that “Every camera had one hidden account that a consumer can’t change because it’s hard-coded or not easily accessible. Whether intended for admin or support, it gives an outsider backdoor access to the camera.”

3. Russian Site Streaming Thousands of Webcams

How to Know If Your Baby Monitor Is a Security Threat to Your Family insecam security cameras iot ip address vulnerable

While this isn’t specifically baby monitors, a fair few where accessible via a Russian website acting as a portal for vulnerable internet connected webcams.

At its peak, some 73,000 webcam streams were available to Insecam’s users. The site pulls webcam IP addresses from Internet of Things device search engine Shodan, making the streams available to anyone.

Understandably, the site attracted some concern. The site owner added filtering to make sure that “none of the cameras on Insecam invade anybody’s private life.” Furthermore, the site now removes “any private or unethical camera” after an email complaint.

Why Are Baby Monitors Vulnerable?

Modern Wi-Fi enabled baby monitors are vulnerable for the same reasons everything else is: poor security. Particularly so, considering the chasm of vulnerability that is the Internet of Things (IoT). There is a good reason that security experts are incredibly wary of IoT devices. A great many have no security customization options.

That means you have no direct control over the passwords that secure your devices. In turn, this means the baby monitor’s security is dependent on your internet connection security. As evidenced by the Insecam site, there are tens of thousands of cameras and baby monitors lacking even the most basic password protection, let alone encryption and other security features.

Another issue with default device security is the availability of lists containing thousands of pre-installed passwords. It only takes a moment to cross-check a device’s default settings.

Researchers at Ben Gurion University, Negev, Israel found that not only do devices force you to use default settings but that those settings are sometimes uniform across multiple devices. Given the propensity of manufacturers to use appalling four-digit PINs such as 0000 or 1234, this isn’t entirely surprising.

“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Dr. Yossi Oren, senior lecturer in Ben Gurion’s Implementation Security and Side-Channel Attacks Lab. “Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products.”

Dr. Oren also added that “it only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand.”

How to Know If a Baby Monitor Is Secure

There are a few things you can do to find a genuinely secure baby monitor:

  1. The first is to give your home network security a once over. Does your router still have the default password setting? Did you change your Wi-Fi password to something good, strong, and memorable? Are there any unknown devices on your network?
  2. The second is to complete your due diligence while shopping around for a baby monitor. Make sure you can change the device password. Complete a Google search for your respective baby monitors with “security” or “vulnerability” in the search term. If the monitor appears in news articles concerning leaks, breaches, hacks and so on, don’t buy it.
  3. The third is to consider if you really need a baby monitor that connects to the internet, has cloud storage, or sends you push notifications if your baby doesn’t move for a period (yes, they exist, for some reason).

These three points are all vital to securing your baby monitor. But of all of them, the first is most important. If you cannot change the password on your baby monitor, you’ll never win. And that extends to all IoT devices.

If you cannot access the security settings, you are not in control of your security—and that alone is a slippery slope How to Make Your Wireless Security Cameras Untouchable to Hackers How to Make Your Wireless Security Cameras Untouchable to Hackers Over the past few months, stories about security vulnerabilities abound. Clearly this is not an acceptable state of affairs. To combat this, you should secure your security cameras. Let's find out how. Read More .

Image Credit: tiagoz/Depositphotos

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. dragonmouth
    March 28, 2018 at 5:57 pm

    One good thing about INsecure baby monitors is that someone is monitoring your baby while you are getting sloshed on cold ones.

    Anyone who relies on electronics to monitor their baby is not doing their job as parent properly and should not be allowed to have children.

    • Gavin Phillips
      March 28, 2018 at 7:55 pm

      Big, big claims there, but I wouldnt expect anything less from you. I think you have to try harder to be shocking, but I can see what you were going for.

      • dragonmouth
        March 28, 2018 at 8:33 pm

        I should have put a smiley at the end of the first sentence.

        I used "you" as a general, not a personal pronoun. If I had used "one" it would have looked funny.

        Having raised two of my own, I know that no amount of electronics beats up close and personal. I've seen too many kids raised by iPads, iPods, TVs and other electronic gizmos. Parents used them as surrogates and to assuage their guilt over lack of personal attention. Some of those parents should have abstained. It's easy to be a parent, it only takes a few minutes., It's much harder and takes longer to be a Mom and/or a Dad.

        • Gavin Phillips
          March 29, 2018 at 9:05 am

          Smileys always work xD

          But yeah, that's fair enough. We've never used a baby monitor either, always hear the kids ourselves, keep their door open, etc, but I can absolutely see why some parents want them. They do offer an amount of freedom that some parents feel is lost when the sprogs arrive.

        • CommandLineHero
          March 29, 2018 at 5:00 pm

          "kids raised by iPads, iPods, TVs and other electronic gizmos. Parents used them as surrogates and to assuage their guilt over lack of personal attention. Some of those parents should have abstained. It's easy to be a parent, it only takes a few minutes., It's much harder and takes longer to be a Mom and/or a Dad."
          I concur 100%. If they didn't want to be parents, then they should not have had children in the first place. Using these electronic nannies should be considered child neglect. Maybe that would make parents do their darn job rather than ignore their kids.