Photo (cc) by donnierayjones
Video baby monitors are designed as safety devices, meant to provide parents with peace of mind and allow them to keep a watchful eye on their little ones.
Now consider this: many Internet-connected baby monitors lack even the most basic security features, allowing hackers easy access to your child’s private world. That’s the warning from Boston-based security firm Rapid 7 Inc., which just released a new report on the vulnerabilities of baby monitors.
Rapid 7 recently tested the security of nine popular, widely available brands of Internet-connected baby monitors. What the company found was alarming.
“Eight of the nine cameras got an F and one got a D minus,” said Rapid 7 security researcher Mark Stanislav in an interview with Fusion. “Every camera had one hidden account that a consumer can’t change because it’s hard coded or not easily accessible. Whether intended for admin or support, it gives an outsider backdoor access to the camera.”
Rapid 7 also found that some of the monitors didn’t encrypt their data streams or web and mobile features.
The thought of some weirdo having easy access to video of infants and toddlers sleeping or playing in what should be the safety of their own bedrooms is frightening.
The tested baby monitors ranged in price from about $55 to $260 and include these: iBaby M6 and iBaby M3S; Withings WBP01; WiFi Baby WFB2015; Philips In.Sight B120; TRENDnet Baby Cam TV-IP743SIC; Summer Infant’s Summer Baby Zoom WiFi Monitor & Internet Viewing System; Lens Laboratory Peek-a-View; and Gynoii.
The more expensive video monitors unfortunately didn’t translate to higher levels of security, according to The Associated Press.
“In fact, the pricier models usually came with more features, which left unsecured could give hackers more ways to potentially access a camera or its video stream,” the AP noted.
If you have an Internet-enabled video baby monitor, here are some tips from Rapid 7 to safeguard your device from prying eyes:
- Updates: It’s important to look for camera or mobile application or firmware updates for your baby monitor.
- Password protection: If your monitor has a default password, make sure you change it to a strong password that protects access.
- Use with care: If you have a baby camera with known vulnerabilities, stop using it or only use it sparingly and unplug it when not in use.
Stanislav said that since his research was published, he’s been inundated with questions about baby monitors.
“I’m a super popular person with pregnant women right now,” said Stanislav by phone to Fusion. “Everyone is asking me about which baby monitor they should buy.”
For parents who want an Internet-connected baby monitor, Stanislav said he recommends the Google-owned Nest’s Nestcam, formerly known as Dropcam.
“I’ve got a lot of faith in it and use it,” Stanislav said.
Rapid 7 disclosed the monitors’ vulnerabilities with the companies that manufactured them. The security company noted that Phillips was the most responsive of the vendors that it approached, committing itself to quickly developing a software update that it would provide to customers.
Share your comments below or on our Facebook page.