You've heard the stories of men making lewd comments to babies and caregivers through the monitors. Or the ones where hackers posted live streams of babies sleeping for the world to see. Regardless of the specifics, it’s always alarming to hear about strangers spying via hacked baby monitors. Now, just in time to kick off Baby Safety Month, a new report sheds light on just how vulnerable these devices are to even novice cyberstalkers. And it goes beyond making sure you have a secure Wi-Fi password.
Boston-based security firm Rapid7 tested nine popular baby monitors from companies like iBaby, Philips Electronics, Summer Infant and TRENDnet and found a range of potential security flaws and vulnerabilities in nearly every device, from being able to stream footage from a monitor without the owners' authorization to downloading video clips stored in the cloud without any sort of notification.
“There's always a level of risk you're taking when using any kind of internet-connected device,” says Mark Stanislav, Senior Security Consultant, Global Services at Rapid7, who coauthored the report (and is a soon-to-be first-time dad).
Rapid7 tested devices across a range of price points from $90 to $205 to show that price doesn’t necessarily indicate quality or enhanced security. As for the connected baby monitor brands whose flaws have been spotlighted, many have been quick to respond with plans to roll out software updates that will fix the security lapses.
But just because your baby monitor wasn’t one of the models tested doesn’t mean it's secure. And unfortunately, protecting a monitor from getting hacked isn't just the consumer's responsibility. "We really have to put a lot of trust into the vendors that put these products on the market," Stanislav says. "They try and want to do the right thing and make sure they provide secure services, but they just aren't always aware of the problems."
Stanislav says that many of the features connected baby monitors come with aren't essential to baby's safety, and that he plans to use a radio frequency baby monitor over an internet-connected device for his baby. Despite their reputation for being simpler and less modern, he says the radio versions have many of the same advanced features, like color screens, two-way audio and options to pan, tilt and zoom the lens—without the risk of cyber spying.
But if you do decide to purchase a connected monitor, take these precautions to ensure your device is as secure as possible:
- Purchase your monitor directly from the manufacturer or a store you trust. Avoid third-party vendors.
- Register your device with the manufacturer so you'll be kept up-to-date on software updates, security fixes and recalls.
- Change a product's default password before you start using it, even if not prompted to do so.
- Secure your Wi-Fi network with a password that isn't related to your name, address, city, etc.
- Regularly monitor the vendor's site for product updates, or create a Google Alert to receive automatic notifications.
- If it's not essential to use a feature that the monitor comes with, and it's possible to turn it off, do it, Stanislav says. "There's inherently more of a risk when a product has more features and is more complex. If you disable the features you're not using, a security issue is less likely to affect you."
And lastly, Stanislav recommends thinking twice before reusing the same baby monitor for baby no. 2 or accepting a friend's hand-me-down. Internet-connected products often have a life span of only up to three years before their manufacturers stop issuing software updates and security patches, so if you use an outdated device, you won't be kept informed of potential security flaws or have the option of getting them fixed.