Baby Monitors Vulnerable to Cyber Attack
As a somewhat unsurprising revelation, Baby Monitors Vulnerable to Cyber Attack is a theme gaining traction around the media today. Computer World reported in early 2015 that parents were disturbed when their Foscam baby monitor was hacked. The hackers would control the camera or even talk to the baby and parents. Foscam has been at the forefront of attacks over the last few years. Now at the beginning of September, as reported by Ars Technica.
Scope of Attack(s)
Multiple Internet connected Baby Monitors Vulnerable to Cyber Attack were expolited. These monitors are considered to be a part of the “Internet of Things” (IoT). This is a term to describe everyday devices such as thermostats and baby monitors that have networking capabilities.
Technical Details Known Thus Far
Cybersecurity Research firm, Rapid7 spent most of 2015 reviewing nine models and scored them with a 250 point scale for overall security. Eight out of the nine models failed. The ninth received a D grade. Some of the models included are:
- Gyonii (GCW-1010)
- iBaby (M3S)
- iBaby (M6)
- Lens (LL-BC01W)
- Philips (B120/37)
- Summer (28630)
- TRENDnet (TV-P743SIC)
- WiFiBaby (WFB2015)
- Withing (WBP01)
A quote from the ZD Net report indicates that the monitors were hacked fairly easy:
“The iBaby M6 has a web service issue that allows easy access to other people’s camera details by changing the serial number in a URL string. By abusing this access, filenames of a camera’s recorded video clips (automatically created from a motion or noise alert) can be harvested. Through a simple script, an attacker could potentially gain access to every recorded clip for every registered camera across the entire service.”
Most of the cameras had serious security problems. They included hidden or unchangeable passwords or the devices didn’t encrypt the data stream. CBS News reported that some of the officials for these models didn’t immediately respond to these findings. The higher priced models also didn’t mean it had more security measures.
How the Hack Could Be Prevented
The only devices tested were Internet connected devices. To simply avoid having your baby monitor hacked would be to purchase a device that doesn’t connect to the the internet for more security. One that doesn’t connect to any network is the most secure, but also the most tedious to install. Traditional baby monitors come with a camera and monitor, but the range will only allow you to use it around home.
Internet connected baby monitors are becoming bigger due to the Internet of Things. These monitors allow parents to check in on their family when they are not in the house or allowing other family members to catch a glimpse of the baby from afar.
You do not need to stay away from these types of devices, but it is best to do your research if you are not familiar with securing them. A few tips to start off would be to research the different models until you find the device that suites your needs and to change the default password, using a complex password. Most of the devices will have a default password such as, password or admin. These need to be changed immediately. These are posted in manuals and on the internet, hackers are aware of this.
Once you have changed the password your device will be more secure, but be cautious about who you give the password to. Ideally only you and your significant other would require the password. If you would prefer other family members or friends to have access, then install the application and type in the username and password yourself or change the password, let them view it, then revert back to our other (secure) password. FaceTime, Skype, or Google Voice Chat are also suitable alternatives.
Remember by not securing any of your internet connected devices, you are leaving yourself and your network open to an attack. Potentially the would be hackers could hack into a device such as a baby monitor and gain full access to your network and lose passwords or personal information in addition to other nefarious deeds that internet predators can perpetrate.
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.