- Joined
- Dec 26, 2014
- Messages
- 58
- Points
- 0
Spying on baby: Hackers can easily access video crib monitors, report finds
Compromised camera could also allow access to other Wifi-enabled devices in the home
PUBLISHED : Thursday, 03 September, 2015, 9:38pm
UPDATED : Thursday, 03 September, 2015, 9:38pm
Associated Press in New York
Several of the most popular internet-connected baby monitors lack basic security features, making them vulnerable to even the most basic hacking attempts, according to a new report from a cybersecurity firm.
The possibility of an unknown person watching their baby's every move is a frightening thought for many parents who have come to rely on the devices to keep an eye on their little ones. In addition, a hacked camera could provide access to other Wifi-enabled devices in a person's home, such as a personal computer or security system.
The research released by Boston-based Rapid7 looks at nine baby monitors made by eight different companies. They range in price from US$55 to US$260.
The cameras are often mounted over a baby's crib or another place where they spend a large amount of time. They work by filming the child, then sending that video stream to a personal website or an app on a smartphone or tablet. Some of the cameras also feature noise or motion detectors and alert parents when the baby makes a sound or moves.
"There's a certain leap of faith you're taking with your child when you use one of these," said Mark Stanislav, a senior security consultant at Rapid7 and one of the report's authors.
The Rapid7 researchers found serious security problems and design flaws in all of the cameras they tested. Some had hidden, unchangeable passwords, often listed in their manuals or online, that could be used to gain access. In addition, some of the devices didn't encrypt their data streams, or some of their web or mobile features, Stanislav said.
The problems with the cameras highlight the security risks associated with what's become known as the "internet of things". Homes are becoming increasingly connected, with everything from TVs to slow cookers now featuring Wifi connections. But many consumer devices often don't undergo rigorous security testing and could be easy targets for hackers. And a hacker with access to one connected device could potentially access everything tethered to that home's Wifi network, whether it's a home computer storing personal financial information or a company's computer system that's being accessed by an employee working from home.
In the Rapid7 study, researchers rated the devices' security on a 250-point scale. The scores then received a grade of between "A" and "F". Of those tested, eight received an "F", while one received a "D". All of the camera manufactures were notified of the problems earlier this summer and some have taken steps to fix the problems.
"When one gets an 'F' and one gets a 'D minus', there isn't an appreciable difference," Stanislav said. "And unlike a laptop where you can install firewalls and antimalware, you can't do that here."
For example, researchers noted that the Phillips In.Sight B120 baby monitor, which retails for about US$78, had a direct, unencrypted connection to the internet. That could allow a hacker to watch its video stream online, as well as remotely access the camera itself and change its settings, the report says.
Phillips released a statement noting that the model in question has been discontinued. It added that its brand of video baby monitors is now licensed to Gibson Innovations, which is aware of the problems and is working on a software update designed to fix it.
