Make sure that the device that’s supposed to help you keep tabs on your little one isn’t itself a privacy and security risk.
We’ve probably all read horror stories online: a parent is woken in the middle of the night by strange noises coming from their child’s bedroom. They open the door, only to find a stranger “talking” to their baby through the monitor. While rare, such cases do happen from time to time.
Smart technology has provided us with numerous ways to keeping our houses safe(r), from smart locks and doorbells to home security cameras. But when gadgets are fitted with computing power and internet connectivity, they also become a target for remote hackers.
Fortunately, a few best practices can help to provide peace of mind that your baby monitor will be doing its job, and not the bidding of a stranger, and doesn’t itself become a security and privacy risk.
How can hackers hijack baby monitors?
Why would anyone want to hijack a baby monitor? Some are just looking to play a prank. Others may have more voyeuristic aims in mind. And some may even be looking to steal personal information overheard on the monitor, or confirming the house is empty so it can be burgled.
Whatever the reason, there are two main ways to hack a baby monitor. They depend on the kind of monitor it is:
Radio frequency monitors require an eavesdropper to be within range of the signal and know the frequency it is using. Both this, and the fact that most leading products of this type use encrypted communications, make these models a safer bet overall, albeit with more limited functionality.
Wi-Fi monitors are more exposed to hacking because they connect to the home router and, often, out to the public internet. The latter support functionality which allows parents to view the video feed via a mobile app, wherever they are. While this could provide peace-of-mind when out and about, it also opens the door to remote hackers, who might be scouring the web looking for unsecured cameras to hijack.
Even devices that don’t offer this functionality could theoretically be hacked if an attacker were able to hijack the home router. The simplest way of doing so is to guess or “brute-force” its password, although more sophisticated attacks may seek to exploit firmware vulnerabilities.
What could happen?
Either way, the potential repercussions are enough to alarm any parent. Hackers could use their access to eavesdrop silently on your baby, or even communicate with it if the device has a speaker. In some cases, footage from hacked cameras has even ended up on underground sites for others to watch.
Real-life examples of baby monitor hacking in the past include:
- An infamous 2014 case in which it emerged that a website in Russia was broadcasting live footage from homes and businesses all over the world, taken from smart devices secured only with default passwords.
- A 2018 case, in which a South Carolina mother noticed her baby monitor camera was being remotely moved to focus on the spot where she breast-fed her son.
- Another incident from 2018 in which a hacker broadcast messages through a hacked monitor, threatening to kidnap the family’s child.
- A 2019 incident in which a stranger hacked a Seattle couple’s monitor and began broadcasting creepy messages to the child.
- A similar case from earlier this year, when a stranger hijacked a monitor and terrorized a three-year-old with menacing messages using a voice changer.
How to keep your family safe
A British consumer rights group recently urged parents to take their security concerns over baby monitors direct to the manufacturers. It claimed that many of these firms will only change their ways once enough consumers demand changes.
“The more people ask, the more security will become their priority,” it claimed. There are also various efforts at a legislative level, for example in the United States and in the European Union, that are designed to improve the baseline levels of security offered by IoT and smart products.
RELATED READING: Privacy by Design: Can you create a safe smart home?
However, in the meantime, parents need advice they can trust. The good news is that a few best practice security tips go a long way towards keeping the hackers at bay. Here are a few examples:
- Research your options well, and aim to go with a well-regarded manufacturer that places a strong emphasis on security, and has good reviews.
- Install any updates to the device’s software (or firmware)
- If possible, choose a model that does not allow remote communication via an app. If it does, turn off remote access, especially when not in use.
- Setting up a strong and unique password, and enabling two-factor authentication if possible.
- Review monitor logs regularly to check for any suspicious activity, such as individuals accessing it from an unusual IP or at strange times.
- Secure your wireless router with a strong, unique password. Also, disable remote access to it, as well as port forwarding or UPnP. Make sure the router is kept updated with any firmware patches.
Baby monitor hacking is an alarming prospect for any parent. But as with any IoT device, it pays to understand where the risks are, and to take extra precautions to lock out any malicious third parties.
To learn more about more dangers faced by children online as well as about how technology can help, head over to Safer Kids Online.
Why not also watch ‘Hey PUG‘, ESET’s new animated series teaching kids to recognize online threats?
by Phil Muncaster, ESET