As the “Internet of Things” has expanded, the network has grown to include refrigerators, cars, light bulbs – and baby monitors. Internet connectivity allows parents to live-stream videos of their children straight to their laptops, tablets, or smartphones.
But many of the most popular Wi-Fi-enabled baby monitors lack basic security controls and could be susceptible to hacking attacks, security researchers warned in a new report.
Technology security firm Rapid7 tested nine different Internet-connected baby monitors for vulnerabilities, and concluded in a report that all were reasonably susceptible to common hacking attacks.
“Overall, we did find some devices that had some very easy-to-exploit issues,” Mark Stanislav, one of the study authors, told ABC News.
The monitors were designed in such a way that an attacker could use them to pull personal information from a user’s home Wi-Fi network, or even gain access to the devices themselves to take control of the monitors’ cameras and microphones, the report concluded. Eight of the tested baby monitors received a security grade of “F,” while one received a grade of “D.”
The notion of a hacker spying on someone’s infant is creepy, but the baby monitors may also open users up to other kinds of hacks.
“A compromise on an otherwise relatively low-value target – like the video baby monitors covered in this paper – can quickly provide a path to compromise of the larger, nominally external, organizational network,” the researchers wrote in their paper. In other words: hackers could exploit baby monitors or other Internet of Things devices used by corporate officers in order to gain access to entirely separate business networks.
How can users who have baby monitors, or other Internet-connected devices, stay safe from hacks? Rapid7 recommended that parents disable extra features such as storing video footage on the Internet, and that they unplug monitors when they’re not being used. It’s also a good idea to make sure that your Internet of Things devices are connected to a secured Wi-Fi network (one protected by a strong password), and not a public access point.
The researchers recommended that the manufacturers of Internet of Things devices do a better job of building in security features that are turned on by default, as well as of delivering security patches via the Internet when flaws or vulnerabilities are discovered. One of the baby monitor makers, Philips, responded to the report with a timeline for patching the security flaws it uncovered.