In the last few weeks, the New York Department of Current Affairs issued a “Consumer Alert” regarding hacked wi-fi baby monitors. It contained the rather shocking news:
“..if they (video monitors) aren’t secure, they can provide easy access for predators to watch and even speak to our children”
After learning about this, I decided to conduct some research. I wanted to know specifically which ones aren’t safe and get a few answers. Which baby monitor is safe from hacking? What can we as parents do to prevent these sick people from spying on our babies?
Included in this article:
There are hidden accounts inside many baby monitors that can be exploited by hackers to spy on our kids. These accounts are intended for administration or support. They are hard coded and not readily accessible by the consumer. However, they can be accessed by hackers quite easily. They give the intruder back door access to the camera!
Default Passwords & No Encryption
Some baby monitors also use Internet portals that easily allow you in if you guess the devices serial number. They also connect to portals with default passwords and lack secure encryption when transmitting to the internet. This basically makes it very easy for the lowlifes to find a way in.
What is being Done?
Well, this issue has steadily been getting more publicity since 2014. Extensive studies and research has now been performed. Some companies are using the research to make their products more secure. Parents are also given more advice on how to make their monitor more secure.
Baby Monitors to Avoid Purchasing
Listed here are baby monitors to avoid due to poor security.
- iBaby M6
- iBaby M3S
- Philips In.Sight B120/37 All Models
- Summer Baby Zoom Wifi Monitor and Internet Viewing System
- Lens Peak-A-View
- TrendNet Wifi Baby Cam TV-IP743SIC
All of these Baby Monitors were found in this case study to have one or more security vulnerabilities.
Issues include: predictable information leaks, backdoor credential leaks, authentication bypass abilities, direct browsing capabilities, and privilege escalation problems.
TrendNet has had problems all along with its internet-connected cameras being hacked. The company is supposedly working on a comprehensive information security program to fix this issue.
iBaby says they have begun encrypting the data sent from customer’s Baby Monitors and that customers can update their iBaby app for the changes to take effect.
Philips says that they are aware of the security risks and that they are developing and implementing software updates to help fix the affected products.
Which Baby Monitor is “Hack Proof”?
Just about anything connected to the internet can be hacked. The following are some types and models that make things a whole lot harder.
Nanit Pro Smart Baby Monitor
Well, there’s at least one baby monitor manufacturer which can give parents peace of mind! Nanit Pro Smart Baby Monitors are all equipped with 256 bit encryption and 2-way authentication. It’s a digital signal so is more secure than baby monitors which use analog.
Range is effective wherever you can access your home wifi network.
Nest Cam Security Camera
The Nest Cam (formerly “Dropcam Nest”) is a home video monitoring system that can be used as a secure baby monitor.
Nest uses Wifi, and Smart Technology so you can view any room in your home from your Wifi portable devices in HD quality.
Dropcam was recently acquired by google. So they know a heck of a lot about online security. Researchers tried their best to hack into the live online feed, and failed. They were able to take control of the files but they need to be able to physically touch the camera to do this. And even then, there’s still no 2-way communication with your baby.
On the whole, this is as “hack-proof” as wifi video cameras can get. The drawback with this system is the feed is streamed via their website. You need to pay a subscription starting at $10 a month to access it. So, it seems increased security comes at a price :(
Another drawback is some users experience lag with the system. This is not ideal with a baby camera. To get round this, parents are using Nest Cam in tandem with an inexpensive audio camera, but this doesn’t sound optimal to me.
Digital Baby Monitors
Digital Baby Monitors are not as high tech as Wifi Monitors. You cannot view the feed online with a smartphone, tablet, or computer like with WiFi. Therein lies the problem. The more “accessible” the feed is, the more chances someone has of finding a way in. So if you can live without this feature, a digital baby monitor offers a more secure solution.
Put simply – you can’t hack closed-circuit cameras.
How to Secure your Wifi Baby Monitor
Even if your Wifi baby monitor is not included on the hackable list, this does not mean that your monitor is safe.
Here is some advice from experts which can make your monitors more secure!
- Buy your monitor directly from the company that makes them. Avoid buying used / pre-owned.
- As soon as you get your product, and before setting it up, register it. By doing this, you will receive software updates that are specifically being designed for security concerns.
- Change the default password for the monitor. Make sure the password is unique, long, and strong. Default passwords are easy to guess by hackers!
- Put password protection on your home router. Do not use common passwords or passwords that include your town, city, or your name.
- Firewall your privacy! If you do not know how to do this, hire a professional to install a Firewall between your internet connection and all of your devices! This will keep intruders out!
- Secure your Wifi! Make sure your home Wifi is secured and locked down properly with WPA2 + encryption and SSID masking to make it tough to hack!
- Turn-off your Baby Monitor when not in use. Leaving on devices all the time makes it easier for intruders to hack the systems.
Check your Router for Intrusion
One more step that you can take to inspect for Internet intrusion is to check your Wifi router. Several programs are available for this purpose.
One tool to use for this purpose is Router Checker from F-Secure. This is a web-based tool used to determine whether the DNS that you are connected to the internet through via the router is running as it should be.
Using Router Checker can tell you if requests being sent to your router are coming from your devices or are if they are coming and going via third party devices!