Wednesday, 2 September 2015

Internet-Connected Video Baby Monitors Are Basically The Most Hackable, Least Secure Thing Ever


The implacable march of technology has, in many ways, made parents’ lives easier. But in other areas, it’s added a whole new layer of complication. Like the fact that video-enabled baby monitors, designed to let parents have peace of mind while their kids are sleeping in another room, almost universally have completely crap security that any random stranger on the internet can tap into.

Fusion spoke with a security researcher who tested out nine of the most popular, widely-available brands of video baby monitor, and what he found isn’t pretty.

The monitor brands researcher Mark Stanislav tested included popular models from Philips, Summer Infant, TRENDnet, iBaby, Lens Laboratory, and Gynoii. He gave eight of the nine an “F” for security. Just one passed, barely, with a D-.

In this sense, baby monitors are just like every other poorly-secured, wifi-enabled camera. If your device ships with a default password that you don’t change, basically anyone anywhere can have access to it.

But what makes the baby monitor situation even worse, the research found, is that in many cases, the scary settings are ones that parents don’t have access to. Stanislav told Fusion that of the nine brands his company tested, “Every camera had one hidden account that a consumer can’t change because it’s hard coded or not easily accessible. Whether intended for admin or support, it gives an outsider backdoor access to the camera.”

In other words, even a tech-savvy, security-minded consumer can’t fix this problem on their own.

Unlike some other recent hacking research, the baby monitor situation isn’t just academic or theoretical. It’s a known problem out in the wild, with proven harms. There have been many incidents in the past several years of parents reporting hearing intruders on their baby monitor lines, including one disturbing incident just this week when a hacker tapped into one family’s baby monitor and played “Every Breath You Take” while making, as the family told local media, “sexual noises.”

Watch out, new parents — internet-connected baby monitors are trivial to hack [Fusion]


by Kate Cox via Consumerist

No comments:

Post a Comment