Research by a cybersecurity firm discovered that, despite the numerous reported attacks, some of the most popular Internet-connected baby monitors out in the market today remain vulnerable to hackers due to the lack of basic security features.
The report was released by Rapid7 Inc., which took a look at nine models of baby monitors that were manufactured by eight various companies. The price range of the devices was from $55 to $260.
Baby monitors are used by parents to keep an eye on their baby remotely, with the device usually placed over the crib or at any location that allows the parents to see what is going on with their child. The devices film the baby and streams the footage, which can be accessed by parents through a personal website or through an on their tablet or smartphone. Some baby monitors also have motion and noise detectors to alert parents whenever the child moves or makes a sound.
However, as they remain vulnerable, hackers could also be able to take over the device and also watch the children that the baby monitors are supposed to be protecting. Hackers could also jump from a hacked baby monitor into another device on the home's Wi-Fi network, such as a personal computer or the house's security system.
"There's a certain leap of faith you're taking with your child when you use one of these," said Rapid7 senior security consultant Mark Stanislav.
The researchers discovered that there were severe security issue and flaws in the design of all the baby monitors that they studies. According to Stanislav, some of the devices had hidden and unchangeable passwords, which are often listed in manuals or online that hackers can retrieve to gain access. Some of the baby monitors also do not use encryption on their video streams and web or mobile features.
The study by Rapid7 rated the security of the devices on a 250-point scale, with the scores then leading to a grade of between A and F. Of the nine tested baby monitors, eight received a grade of F while one received a grade of D.
Stanislav added that higher prices did not necessarily translate to safer baby monitors, as additional features gave hackers more opportunities to access the babby monitor and its video stream.
The baby monitors that were tested are the Phillips In.Sight B120, the iBaby and iBaby M3S, the Summer Infant Summer Baby Zoom WiFi Monitor & Internet Viewing System, the Lens Peek-a-View, the Gynoii, the TRENDnet WiFi Baby Cam TV-IP743SIC, the WiFiBaby WFB2015 and the Withings WBP01.
The manufacturers of the tested baby monitors have already been notified of the issues earlier this summer and have already started to take necessary steps to fix them.
To keep themselves safe, parents are advised to always keep the software of their baby monitors and related apps updated. In addition, it would be best to unplug baby monitors when not in use.